OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-03 18:15:23 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
d8701fad2d40aeca8e8564692f14a8d7c30a5136
advisory-db/crates/outer_cgi/RUSTSEC-2021-0051.md
Yechan Bae ce4db769c2 Update CVE numbers (#870)
2021-04-13 14:10:09 -07:00

761 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2021-0051"
package = "outer_cgi"
aliases = ["CVE-2021-30454"]
date = "2021-01-31"
url = "https://github.com/SolraBizna/outer_cgi/issues/1"
categories = ["memory-exposure"]

[versions]
patched = [">= 0.2.1"]

KeyValueReader passes uninitialized memory to Read instance

The KeyValueReader type in affected versions of this crate set up an uninitialized memory buffer and passed them to be read in to a user-provided Read instance.

The Read instance could read uninitialized memory and cause undefined behavior and miscompilations.

This issue was fixed in commit dd59b30 by zero-initializing the buffers before passing them.