
RUSTSEC-2021-0043

PartialReader passes uninitialized memory to user-provided Read

Issued:
Package: uu_od (crates.io)
Type: Vulnerability
Categories:
Aliases:
Details: https://github.com/uutils/coreutils/issues/1729
CVSS Score: 7.3 HIGH
CVSS Details:
  • Attack vector: Network
  • Attack complexity: Low
  • Privileges required: None
  • User interaction: None
  • Scope: Unchanged
  • Confidentiality: Low
  • Integrity: Low
  • Availability: Low
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Patched:
  • >=0.0.4

Description

Affected versions of this crate passed an uninitialized buffer to a user-provided Read instance in PartialReader::read.

This can result in safe Read implementations reading from the uninitialized buffer, which is undefined behavior.

The flaw was fixed in commit 39d62c6 by zero-initializing the passed buffer.
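
The pattern behind the fix, as an added example that is not the uutils code: a safe Read implementation that inspects the buffer it is given, and a skip helper that zero-initializes its scratch buffer before lending it out. The names InspectingReader, skip_bytes and SCRATCH, and the buffer size, are hypothetical.

```rust
use std::io::{self, Read};

// Constructed example: a safe, user-provided Read that looks at the
// destination buffer before filling it. Safe code is allowed to do this,
// so the caller must only ever lend it initialized memory.
struct InspectingReader {
    remaining: usize,
    first_seen: Option<Vec<u8>>, // buffer contents observed on the first call
}

impl Read for InspectingReader {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
        // If `buf` were uninitialized, this copy alone would be undefined
        // behavior, even though the impl contains no `unsafe`.
        if self.first_seen.is_none() {
            self.first_seen = Some(buf.to_vec());
        }
        let n = buf.len().min(self.remaining);
        buf[..n].fill(0xAA);
        self.remaining -= n;
        Ok(n)
    }
}

// Hypothetical skip helper following the fix described above: the scratch
// buffer is zero-initialized before it is passed to the inner reader.
fn skip_bytes<R: Read>(inner: &mut R, mut to_skip: usize) -> io::Result<usize> {
    const SCRATCH: usize = 64; // assumed size for this example
    let mut scratch = [0u8; SCRATCH]; // every byte is defined before `read`
    let mut skipped = 0;
    while to_skip > 0 {
        let want = to_skip.min(SCRATCH);
        match inner.read(&mut scratch[..want])? {
            0 => break, // EOF before the requested offset
            n => {
                skipped += n;
                to_skip -= n;
            }
        }
    }
    Ok(skipped)
}

fn main() -> io::Result<()> {
    let mut r = InspectingReader { remaining: 100, first_seen: None };
    let skipped = skip_bytes(&mut r, 150)?;
    println!("skipped={} first_seen={:?}", skipped, r.first_seen);
    Ok(())
}
```

Running the flawed variant under Miri is one way to confirm that a reader like this touches uninitialized bytes.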