OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-13 21:18:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
9e93a3df4a54e70f2539a2ecdc3d70beef64c856
advisory-db/crates/messagepack-rs/RUSTSEC-2021-0092.md
github-actions[bot] 8d3e99a38a Assigned RUSTSEC-2021-0092 to messagepack-rs (#998) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2021-08-21 19:41:04 -06:00

623 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2021-0092"
package = "messagepack-rs"
date = "2021-01-26"
url = "https://github.com/otake84/messagepack-rs/issues/2"
categories = ["memory-exposure"]

[versions]
patched = []

Deserialization functions pass uninitialized memory to user-provided Read

Affected versions of this crate passed an uninitialized buffer to a user-provided Read instance in:

  • deserialize_binary
  • deserialize_string
  • deserialize_extension_others
  • deserialize_string_primitive

This can result in safe Read implementations reading from the uninitialized buffer leading to undefined behavior.