mirror of
https://github.com/OMGeeky/advisory-db.git
synced 2026-02-15 22:04:38 +01:00
21 lines
742 B
Markdown
21 lines
742 B
Markdown
```toml
|
|
[advisory]
|
|
id = "RUSTSEC-2020-0154"
|
|
package = "buffoon"
|
|
date = "2020-12-31"
|
|
url = "https://github.com/carllerche/buffoon/issues/2"
|
|
categories = ["memory-exposure"]
|
|
informational = "unsound"
|
|
aliases = ["CVE-2020-36512", "GHSA-hmx9-jm3v-33hv", "GHSA-v938-qcc9-rwv8"]
|
|
|
|
[versions]
|
|
patched = []
|
|
```
|
|
|
|
# InputStream::read_exact : `Read` on uninitialized buffer causes UB
|
|
|
|
Affected versions of this crate passes an uninitialized buffer to a user-provided `Read` implementation.
|
|
|
|
Arbitrary `Read` implementations can read from the uninitialized buffer (memory exposure) and also can return incorrect number of bytes written to the buffer.
|
|
Reading from uninitialized memory produces undefined values that can quickly invoke undefined behavior.
|