Описание
Read of uninitialized memory in cdr
An issue was discovered in Deserializer::read_vec in the cdr crate before 0.2.4 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated heap memory, violating soundness.
Пакеты
Наименование
cdr
rust
Затронутые версииВерсия исправления
< 0.2.4
0.2.4
Связанные уязвимости
CVSS3: 9.8
nvd
около 5 лет назад
An issue was discovered in Deserializer::read_vec in the cdr crate before 0.2.4 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated heap memory, violating soundness.