RUSTSEC-2021-0008

reading on uninitialized buffer can cause UB (impl<R> BufRead for GreedyAccessReader<R>)

Issued
Package
bra (crates.io)
Type
Vulnerability
Categories
  • memory-exposure
Aliases
Details
https://github.com/Enet4/bra-rs/issues/1
Patched
  • >=0.1.1

Description

Affected versions of this crate create an uninitialized buffer and pass it to a user-provided Read implementation.

This is unsound, because it allows safe Rust code to exhibit undefined behavior (reading from uninitialized memory).

The flaw was corrected in version 0.1.1 by zero-initializing a newly allocated buffer before handing it to a user-provided Read implementation.
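The following added example (not code from the bra crate) shows why the zero-initializing fix matters: a `Read` implementation written entirely in safe Rust may inspect the destination buffer before writing to it. The names `PeekingReader` and `fill_zeroed` are hypothetical, and the input bytes are constructed.

```rust
use std::io::{self, Read};

/// A safe `Read` impl that looks at the destination buffer before writing to it.
/// Nothing in the `Read` contract forbids this, which is why the caller must
/// hand over initialized memory.
struct PeekingReader<'a> {
    data: &'a [u8],
    /// Count of non-zero bytes observed in caller buffers before writing.
    stale_bytes_seen: usize,
}

impl<'a> Read for PeekingReader<'a> {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
        // Safe code reading `buf`; this is UB only if the caller passed uninitialized memory.
        self.stale_bytes_seen += buf.iter().filter(|&&b| b != 0).count();
        let n = self.data.len().min(buf.len());
        buf[..n].copy_from_slice(&self.data[..n]);
        self.data = &self.data[n..];
        Ok(n)
    }
}

// Unsound pattern described by the advisory (shown only as a comment):
//     let mut buf = Vec::with_capacity(extra);
//     unsafe { buf.set_len(extra) };   // bytes are uninitialized
//     reader.read(&mut buf)?;          // user code may read them
//
// Sound form: grow the buffer with zeroed bytes, read into the new tail,
// then truncate to what was actually filled.
fn fill_zeroed<R: Read>(reader: &mut R, buf: &mut Vec<u8>, extra: usize) -> io::Result<usize> {
    let old_len = buf.len();
    buf.resize(old_len + extra, 0);
    match reader.read(&mut buf[old_len..]) {
        Ok(n) => { buf.truncate(old_len + n); Ok(n) }
        Err(e) => { buf.truncate(old_len); Err(e) }
    }
}

fn main() -> io::Result<()> {
    let mut reader = PeekingReader { data: b"constructed sample input", stale_bytes_seen: 0 };
    let mut buf = Vec::new();
    while fill_zeroed(&mut reader, &mut buf, 8)? > 0 {}
    println!("read {} bytes, stale bytes seen: {}", buf.len(), reader.stale_bytes_seen);
    Ok(())
}
```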
