mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-23 15:38:27 +01:00

Files

Yechan Bae b724f12a5b Update CVE numbers (#777 )

* Update CVE numbers

* Fix RUSTSEC-2020-0093

* Add another alias for async-h1 crate

2021-02-25 20:00:25 -05:00

694 B

Raw Blame History

[advisory]
id = "RUSTSEC-2020-0103"
package = "autorand"
aliases = ["CVE-2020-36210"]
date = "2020-12-31"
url = "https://github.com/mersinvald/autorand-rs/issues/5"
categories = ["memory-corruption"]

[versions]
patched = [">= 0.2.3"]

`impl Random` on arrays can lead to dropping uninitialized memory

Affected versions of this crate had a panic safety issue to drop partially uninitialized array of T upon panic in a user provided function T::random(). Dropping uninitialized T can potentially cause memory corruption or undefined behavior.

The flaw was corrected in commit 565d508 by using MaybeUninit<T> to avoid possible dropping of uninitialized memory upon panic.

694 B Raw Blame History

impl Random on arrays can lead to dropping uninitialized memory

694 B

Raw Blame History

`impl Random` on arrays can lead to dropping uninitialized memory