RUSTSEC-2020-0103

impl Random on arrays can lead to dropping uninitialized memory

Issued
Package
autorand (crates.io)
Type
Vulnerability
Categories
  • memory-corruption
Aliases
Details
https://github.com/mersinvald/autorand-rs/issues/5
Patched
  • >=0.2.3

Description

Affected versions of this crate had a panic-safety issue: the Random implementation for arrays could drop a partially uninitialized array of T if the user-provided function T::random() panicked. Dropping an uninitialized T can potentially cause memory corruption or undefined behavior.

The flaw was corrected in commit 565d508 by using MaybeUninit<T> to avoid possible dropping of uninitialized memory upon panic.
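
The panic-safe pattern described above, as an added example (not the autorand crate's own code): a guard counts the MaybeUninit<T> slots written so far and drops only those if T::random() panics. The Random trait here is a local stand-in with an assumed shape, and Guard, random_array, Noisy and demo are hypothetical names.

```rust
use std::mem::MaybeUninit;
use std::sync::atomic::{AtomicUsize, Ordering::SeqCst};

// Stand-in for the crate's trait (assumed shape); a user impl of random() may panic.
pub trait Random { fn random() -> Self; }

// On unwind, drops only the slots that were actually written.
struct Guard<'a, T, const N: usize> { slots: &'a mut [MaybeUninit<T>; N], init: usize }
impl<T, const N: usize> Drop for Guard<'_, T, N> {
    fn drop(&mut self) {
        for slot in &mut self.slots[..self.init] {
            unsafe { slot.assume_init_drop() }; // SAFETY: slots[..init] were written
        }
    }
}

pub fn random_array<T: Random, const N: usize>() -> [T; N] {
    // MaybeUninit<T> has no drop glue, so unwinding never touches unwritten slots.
    let mut slots: [MaybeUninit<T>; N] = std::array::from_fn(|_| MaybeUninit::uninit());
    let mut guard = Guard { slots: &mut slots, init: 0 };
    while guard.init < N {
        let value = T::random(); // may panic: guard then drops slots[..init] only
        guard.slots[guard.init].write(value);
        guard.init += 1;
    }
    std::mem::forget(guard); // complete: ownership passes to the returned array
    slots.map(|s| unsafe { s.assume_init() }) // SAFETY: all N slots were written
}

static CREATED: AtomicUsize = AtomicUsize::new(0);
static DROPPED: AtomicUsize = AtomicUsize::new(0);

// Constructed sample type: its third random() call panics.
pub struct Noisy { _payload: Box<usize> }
impl Random for Noisy {
    fn random() -> Self {
        if CREATED.load(SeqCst) == 2 { panic!("user-provided random() failed"); }
        Noisy { _payload: Box::new(CREATED.fetch_add(1, SeqCst)) }
    }
}
impl Drop for Noisy { fn drop(&mut self) { DROPPED.fetch_add(1, SeqCst); } }

// Builds [Noisy; 4], which panics at element 3; returns (panicked, created, dropped).
pub fn demo() -> (bool, usize, usize) {
    CREATED.store(0, SeqCst); DROPPED.store(0, SeqCst);
    let panicked = std::panic::catch_unwind(|| random_array::<Noisy, 4>()).is_err();
    (panicked, CREATED.load(SeqCst), DROPPED.load(SeqCst))
}

fn main() { println!("{:?}", demo()); }
```

The created and dropped counts match after the panic, which shows that exactly the initialized elements were dropped and the two unwritten slots were left alone.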
