- Affected Functions
Affected versions of libflate have set a field of an internal structure with a generic type to an uninitialized value in
MultiDecoder::read() and reverted it to the original value after the function completed. However, execution of
MultiDecoder::read() could be interrupted by a panic in caller-supplied
Read implementation. This would cause
drop() to be called on uninitialized memory of a generic type implementing
This is equivalent to a use-after-free vulnerability and could allow an attacker to gain arbitrary code execution.
The flaw was corrected by aborting immediately instead of unwinding the stack in case of panic within
MultiDecoder::read(). The issue was discovered and fixed by Shnatsel.