OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-13 21:18:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
c6d6a43c6d2e3df6d6f4f3555d10980ac4b8dcfb
advisory-db/crates/memoffset/RUSTSEC-2019-0011.toml
Ralf Jung 9cd619f167 make memoffset advisory informational (#317)
2020-06-30 11:49:45 -07:00

18 lines
714 B
TOML
Raw Blame History

[advisory]
id = "RUSTSEC-2019-0011"
package = "memoffset"
date = "2019-07-16"
informational = "unsound"
title = "Flaw in offset_of and span_of causes SIGILL, drops uninitialized memory of arbitrary type on panic in client code"
url = "https://github.com/Gilnaa/memoffset/issues/9#issuecomment-505461490"
description = """
Affected versions of this crate caused traps and/or memory unsafety by zero-initializing references.
They also could lead to uninitialized memory being dropped if the field for which the offset is requested was behind a deref coercion, and that deref coercion caused a panic.
The flaw was corrected by using `MaybeUninit`.
"""
aliases = ["CVE-2019-15553"]
[versions]
patched = [">= 0.5.0"]
Reference in New Issue View Git Blame Copy Permalink