OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-02 06:51:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
d8701fad2d40aeca8e8564692f14a8d7c30a5136
advisory-db/crates/acc_reader/RUSTSEC-2020-0155.md
github-actions[bot] ec590b08b7 Assigned RUSTSEC-2020-0155 to acc_reader (#993) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2021-08-21 19:32:53 -06:00

20 lines
667 B
Markdown
Raw Blame History

```toml
[advisory]
id = "RUSTSEC-2020-0155"
package = "acc_reader"
date = "2020-12-27"
url = "https://github.com/netvl/acc_reader/issues/1"
categories = ["memory-exposure"]
informational = "unsound"
[versions]
patched = []
```
# `Read` on uninitialized buffer in `fill_buf()` and `read_up_to()`
Affected versions of this crate passes an uninitialized buffer to a user-provided `Read` implementation.
Arbitrary `Read` implementations can read from the uninitialized buffer (memory exposure) and also can return incorrect number of bytes written to the buffer.
Reading from uninitialized memory produces undefined values that can quickly invoke undefined behavior.
Reference in New Issue View Git Blame Copy Permalink