RUSTSEC-2021-0008: bra: reading on uninitialized buffer can cause UB (`impl BufRead for GreedyAccessReader`)


Affected versions of this crate creates an uninitialized buffer and passes it to user-provided Read implementation.

This is unsound, because it allows safe Rust code to exhibit an undefined behavior (read from uninitialized memory).

The flaw was corrected in version 0.1.1 by zero-initializing a newly allocated buffer before handing it to a user-provided Read implementation.

More Info

Patched Versions