OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-23 15:38:27 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
ceefe80319cdd360f25b6c245ff03a8d2c193e67
advisory-db/crates/bra/RUSTSEC-2021-0008.md
Shnatsel f7a7e4a9a7 Assigned RUSTSEC-2021-0008 to bra
2021-01-20 19:10:46 +00:00

680 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2021-0008"
package = "bra"
date = "2021-01-02"
url = "https://github.com/Enet4/bra-rs/issues/1"
categories = ["memory-exposure"]

[versions]
patched = [">= 0.1.1"]

reading on uninitialized buffer can cause UB (impl<R> BufRead for GreedyAccessReader<R>)

Affected versions of this crate creates an uninitialized buffer and passes it to user-provided Read implementation.

This is unsound, because it allows safe Rust code to exhibit an undefined behavior (read from uninitialized memory).

The flaw was corrected in version 0.1.1 by zero-initializing a newly allocated buffer before handing it to a user-provided Read implementation.