OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-06 11:39:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
49fcc50d2b596defa5a1fc2cfaef4ebafddf46f2
advisory-db/crates/libflate/RUSTSEC-2019-0010.toml
Sergey "Shnatsel" Davidoff 7797133c67 Add CVE mapping
2020-03-18 17:15:13 +01:00

23 lines
1.2 KiB
TOML
Raw Blame History

[advisory]
id = "RUSTSEC-2019-0010"
package = "libflate"
date = "2019-07-04"
title = "MultiDecoder::read() drops uninitialized memory of arbitrary type on panic in client code"
url = "https://github.com/sile/libflate/issues/35"
keywords = ["drop", "use-after-free"]
description = """
Affected versions of libflate have set a field of an internal structure with a generic type to an uninitialized value in `MultiDecoder::read()` and reverted it to the original value after the function completed. However, execution of `MultiDecoder::read()` could be interrupted by a panic in caller-supplied `Read` implementation. This would cause `drop()` to be called on uninitialized memory of a generic type implementing `Read`.
This is equivalent to a use-after-free vulnerability and could allow an attacker to gain arbitrary code execution.
The flaw was corrected by aborting immediately instead of unwinding the stack in case of panic within `MultiDecoder::read()`. The issue was discovered and fixed by Shnatsel.
"""
aliases = ["CVE-2019-15552"]
[affected.functions]
"libflate::gzip::MultiDecoder::read" = ["< 0.1.25, >= 0.1.14"]
[versions]
patched = [">= 0.1.25"]
unaffected = ["< 0.1.14"]
Reference in New Issue View Git Blame Copy Permalink