- Reported
-
- Issued
-
- Package
-
messagepack-rs
(crates.io)
- Type
-
Vulnerability
- Categories
-
- Aliases
-
- References
-
- Patched
-
no patched versions
Description
Affected versions of this crate passed an uninitialized buffer to a
user-provided Read
instance in:
deserialize_binary
deserialize_string
deserialize_extension_others
deserialize_string_primitive
This can result in safe Read
implementations reading from the uninitialized
buffer leading to undefined behavior.
Advisory available under CC0-1.0
license.