Report 0085-cdr to RustSec

JOE1994
2021-01-24 07:31:17 -05:00
parent 0a8f5ce4b9
commit d5dac477ee

@@ -0,0 +1,19 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "cdr"
date = "2021-01-02"
url = "https://github.com/hrektts/cdr-rs/issues/10"
categories = ["memory-exposure"]
[versions]
patched = [">= 0.2.4"]
```
# Reading uninitialized memory can cause UB (`Deserializer::read_vec`)
`Deserializer::read_vec()` created an uninitialized buffer and passes it to a user-provided `Read` implementation (`Deserializer.reader.read_exact()`).
Passing an uninitialized buffer to an arbitrary `Read` implementation is currently defined as undefined behavior in Rust. Official documentation for the `Read` trait explains the following: "It is your responsibility to make sure that buf is initialized before calling read. Calling read with an uninitialized buf (of the kind one obtains via MaybeUninit<T>) is not safe, and can lead to undefined behavior."
The flaw was corrected in commit ce310f7 by zero-initializing the newly allocated buffer before handing it to `Deserializer.reader.read_exact()`.
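Review bot: the affected function appears only in the title and prose (`Deserializer::read_vec`), so the metadata block carries no machine-readable record of it. Consider adding an `[affected.functions]` table that maps the fully qualified path of `read_vec` to the vulnerable range (`< 0.2.4`, matching `patched = [">= 0.2.4"]`). Two wording points in the description: "created an uninitialized buffer and passes it" mixes tenses, and since the flaw is fixed both verbs should be past tense; and "currently defined as undefined behavior" reads more clearly as "is currently undefined behavior". The fix is cited only as the short hash `ce310f7`, while `url` points at the issue; a full commit link in the text would let readers check the zero-initialization change directly.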