OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-23 15:38:27 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
advisory-db/crates/autorand/RUSTSEC-2020-0103.md
Alexis Mousset 84c633df9c Update aliases from GHSA OSV export (#1693)
2023-06-13 15:10:24 +02:00

771 B
Raw Permalink Blame History 

[advisory]
id = "RUSTSEC-2020-0103"
package = "autorand"
aliases = ["CVE-2020-36210", "GHSA-cgmg-2v6m-fjg7"]
cvss = "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
date = "2020-12-31"
url = "https://github.com/mersinvald/autorand-rs/issues/5"
categories = ["memory-corruption"]

[versions]
patched = [">= 0.2.3"]

impl Random on arrays can lead to dropping uninitialized memory

Affected versions of this crate had a panic safety issue to drop partially uninitialized array of T upon panic in a user provided function T::random(). Dropping uninitialized T can potentially cause memory corruption or undefined behavior.

The flaw was corrected in commit 565d508 by using MaybeUninit<T> to avoid possible dropping of uninitialized memory upon panic.