mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-13 21:18:11 +01:00

Files

Yechan Bae b724f12a5b Update CVE numbers (#777 )

* Update CVE numbers

* Fix RUSTSEC-2020-0093

* Add another alias for async-h1 crate

2021-02-25 20:00:25 -05:00

709 B

Raw Blame History

[advisory]
id = "RUSTSEC-2021-0008"
package = "bra"
aliases = ["CVE-2021-25905"]
date = "2021-01-02"
url = "https://github.com/Enet4/bra-rs/issues/1"
categories = ["memory-exposure"]

[versions]
patched = [">= 0.1.1"]

reading on uninitialized buffer can cause UB (`impl<R> BufRead for GreedyAccessReader<R>`)

Affected versions of this crate creates an uninitialized buffer and passes it to user-provided Read implementation.

This is unsound, because it allows safe Rust code to exhibit an undefined behavior (read from uninitialized memory).

The flaw was corrected in version 0.1.1 by zero-initializing a newly allocated buffer before handing it to a user-provided Read implementation.

709 B Raw Blame History

reading on uninitialized buffer can cause UB (impl<R> BufRead for GreedyAccessReader<R>)

709 B

Raw Blame History

reading on uninitialized buffer can cause UB (`impl<R> BufRead for GreedyAccessReader<R>`)