OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-23 15:38:27 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
4b0180593959c8627f9eeff3a3649870bd196cbc
advisory-db/crates/rkyv/RUSTSEC-2021-0054.md
github-actions[bot] db03320a5d Assigned RUSTSEC-2021-0054 to rkyv (#878) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2021-04-29 11:54:36 +02:00

640 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2021-0054"
package = "rkyv"
date = "2021-04-28"
url = "https://github.com/djkoloski/rkyv/issues/113"
categories = ["memory-exposure"]
keywords = ["uninitialized", "memory", "information", "leak"]

[versions]
patched = [">= 0.6.0"]

[affected]
functions = { "rkyv::Archive::resolve" = ["< 0.6.0"] }

Archives may contain uninitialized memory

rkyv is a serialization framework that writes struct-compatible memory to be stored or transmitted. During serialization, struct padding bytes and unused enum bytes may not be initialized. These bytes may be written to disk or sent over unsecured channels.