Описание
Use of uninitialized buffer in rkyv
An issue was discovered in the rkyv crate before 0.6.0 for Rust. When an archive is created via serialization, the archive content may contain uninitialized values of certain parts of a struct.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2021-31919
- https://github.com/djkoloski/rkyv/issues/113
- https://github.com/djkoloski/rkyv/commit/9c65ae9c2c67dd949b5c3aba9b8eba6da802ab7e
- https://github.com/djkoloski/rkyv/commit/f141b560523a20557db6540576d153010bd18712
- https://rustsec.org/advisories/RUSTSEC-2021-0054.html
Пакеты
Наименование
rkyv
rust
Затронутые версииВерсия исправления
< 0.6.0
0.6.0
Связанные уязвимости
CVSS3: 7.5
nvd
почти 5 лет назад
An issue was discovered in the rkyv crate before 0.6.0 for Rust. When an archive is created via serialization, the archive content may contain uninitialized values of certain parts of a struct.