Описание
Multiple security issues including data race, buffer overflow, and uninitialized memory drop in arr
arr crate contains multiple security issues. Specifically,
- It incorrectly implements Sync/Send bounds, which allows to smuggle non-Sync/Send types across the thread boundary.
- Index and IndexMut implementation does not check the array bound.
- Array::new_from_template() drops uninitialized memory.
Пакеты
Наименование
arr
rust
Затронутые версииВерсия исправления
<= 0.6.1
Отсутствует
Связанные уязвимости
CVSS3: 9.8
nvd
около 5 лет назад
An issue was discovered in the arr crate through 2020-08-25 for Rust. Uninitialized memory is dropped by Array::new_from_template.