OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-15 22:04:38 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
0f4e16f7cd4339870985903cde44ea45ffe265c5
advisory-db/crates/memoffset/RUSTSEC-2019-0011.md
Alexis Mousset 84c633df9c Update aliases from GHSA OSV export (#1693)
2023-06-13 15:10:24 +02:00

21 lines
775 B
Markdown
Raw Blame History

```toml
[advisory]
id = "RUSTSEC-2019-0011"
package = "memoffset"
aliases = ["CVE-2019-15553", "GHSA-rh89-x75f-rh3c"]
cvss = "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
date = "2019-07-16"
informational = "unsound"
url = "https://github.com/Gilnaa/memoffset/issues/9#issuecomment-505461490"
[versions]
patched = [">= 0.5.0"]
```
# Flaw in offset_of and span_of causes SIGILL, drops uninitialized memory of arbitrary type on panic in client code
Affected versions of this crate caused traps and/or memory unsafety by zero-initializing references.
They also could lead to uninitialized memory being dropped if the field for which the offset is requested was behind a deref coercion, and that deref coercion caused a panic.
The flaw was corrected by using `MaybeUninit`.
Reference in New Issue View Git Blame Copy Permalink