Описание
Out of bounds write in calamine
An issue was discovered in the calamine crate before 0.17.0 for Rust. It allows attackers to overwrite heap-memory locations because Vec::set_len is used without proper memory claiming, and this uninitialized memory is used for a user-provided Read operation, as demonstrated by Sectors::get.
Пакеты
Наименование
calamine
rust
Затронутые версииВерсия исправления
< 0.17.0
0.17.0
Связанные уязвимости
CVSS3: 9.8
nvd
почти 5 лет назад
An issue was discovered in the calamine crate before 0.17.0 for Rust. It allows attackers to overwrite heap-memory locations because Vec::set_len is used without proper memory claiming, and this uninitialized memory is used for a user-provided Read operation, as demonstrated by Sectors::get.