Описание
An issue was discovered in the libp2p-deflate crate before 0.27.1 for Rust. An uninitialized buffer is passed to AsyncRead::poll_read(), which is a user-provided trait function.
Ссылки
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.27.1 (исключая)
cpe:2.3:a:libp2p:libp2p-deflate:*:*:*:*:*:rust:*:*
EPSS
Процентиль: 62%
0.00433
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-908
Связанные уязвимости
CVSS3: 9.8
github
больше 4 лет назад
Use of Uninitialized Resource in libp2p-deflate
EPSS
Процентиль: 62%
0.00433
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-908