GHSA-66p5-j55p-32r9

Опубликовано: 25 авг. 2021

Источник: github

Github: Прошло ревью

Описание

smallvec creates uninitialized value of any type

Affected versions of this crate called mem::uninitialized() to create values of a user-supplied type T. This is unsound e.g. if T is a reference type (which must be non-null and thus may not remain uninitialized).

The flaw was corrected by avoiding the use of mem::uninitialized(), using MaybeUninit instead.

Ссылки

https://github.com/servo/rust-smallvec/issues/126
https://github.com/servo/rust-smallvec/pull/162
https://rustsec.org/advisories/RUSTSEC-2018-0018.html

Пакеты

Наименование

smallvec

rust

Затронутые версииВерсия исправления

< 0.6.13

0.6.13

Дефекты

CWE-457

Дефекты

CWE-457