GHSA-gvcp-948f-8f2p

Опубликовано: 25 авг. 2021

Источник: github

Github: Прошло ревью

CVSS3: 9.8

Описание

Use of Uninitialized Resource in libp2p-deflate

An issue was discovered in the libp2p-deflate crate before 0.27.1 for Rust. An uninitialized buffer is passed to AsyncRead::poll_read(), which is a user-provided trait function.

Ссылки

Пакеты

Наименование

libp2p-deflate

rust

Затронутые версииВерсия исправления

< 0.27.1

0.27.1

EPSS

Процентиль: 62%

0.00433

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2020-36443

Дефекты

CWE-908

Связанные уязвимости

CVE-2020-36443

CVSS3: 9.8

nvd

больше 4 лет назад

An issue was discovered in the libp2p-deflate crate before 0.27.1 for Rust. An uninitialized buffer is passed to AsyncRead::poll_read(), which is a user-provided trait function.

EPSS

Процентиль: 62%

0.00433

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2020-36443

Дефекты

CWE-908