mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-26 16:07:48 +01:00

Files

Alexis Mousset 8c05fea5fa Add cvss information from nvd (#1085 )

2021-10-19 16:14:35 -06:00

763 B

Raw Blame History

[advisory]
id = "RUSTSEC-2021-0008"
package = "bra"
aliases = ["CVE-2021-25905"]
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"
date = "2021-01-02"
url = "https://github.com/Enet4/bra-rs/issues/1"
categories = ["memory-exposure"]

[versions]
patched = [">= 0.1.1"]

reading on uninitialized buffer can cause UB (`impl<R> BufRead for GreedyAccessReader<R>`)

Affected versions of this crate creates an uninitialized buffer and passes it to user-provided Read implementation.

This is unsound, because it allows safe Rust code to exhibit an undefined behavior (read from uninitialized memory).

The flaw was corrected in version 0.1.1 by zero-initializing a newly allocated buffer before handing it to a user-provided Read implementation.

763 B Raw Blame History

reading on uninitialized buffer can cause UB (impl<R> BufRead for GreedyAccessReader<R>)

763 B

Raw Blame History

reading on uninitialized buffer can cause UB (`impl<R> BufRead for GreedyAccessReader<R>`)