OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-01 09:10:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
3338fcfb59cea5fcd7d2a4e7fe24cbc7cb778003
advisory-db/crates/smallvec/RUSTSEC-2018-0018.md
Alexis Mousset 84c633df9c Update aliases from GHSA OSV export (#1693)
2023-06-13 15:10:24 +02:00

658 B
Raw Blame History 

[advisory]
date = "2018-09-25"
id = "RUSTSEC-2018-0018"
package = "smallvec"
informational = "unsound"
url = "https://github.com/servo/rust-smallvec/issues/126"
aliases = ["CVE-2018-25023", "GHSA-55m5-whcv-c49c", "GHSA-66p5-j55p-32r9"]

[versions]
patched = [">= 0.6.13"]

smallvec creates uninitialized value of any type

Affected versions of this crate called mem::uninitialized() to create values of a user-supplied type T. This is unsound e.g. if T is a reference type (which must be non-null and thus may not remain uninitialized).

The flaw was corrected by avoiding the use of mem::uninitialized(), using MaybeUninit instead.