Описание
Deserialization of Untrusted Data in rust-cpuid
An issue was discovered in the raw-cpuid crate before 9.1.1 for Rust. If the serialize feature is used (which is not the the default), a Deserialize operation may lack sufficient validation, leading to memory corruption or a panic.
Пакеты
Наименование
raw-cpuid
rust
Затронутые версииВерсия исправления
>= 3.1.0, < 9.1.1
9.1.1
Связанные уязвимости
CVSS3: 9.8
nvd
около 4 лет назад
An issue was discovered in the raw-cpuid crate before 9.1.1 for Rust. If the serialize feature is used (which is not the the default), a Deserialize operation may lack sufficient validation, leading to memory corruption or a panic.