
RUSTSEC-2021-0092

Deserialization functions pass uninitialized memory to user-provided Read

Reported
Issued
Package
messagepack-rs (crates.io)
Type
Vulnerability
Categories
Aliases
References
Patched
no patched versions

Description

Affected versions of this crate passed an uninitialized buffer to a user-provided Read instance in:

This can result in safe Read implementations reading from the uninitialized buffer, leading to undefined behavior.
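The following is an added example, not code from the messagepack-rs crate or from the advisory: it shows a safe Read implementation that inspects its buffer, a common shape of the unsound pattern (as a comment only), and two sound replacements. The names `InspectingReader`, `read_payload_zeroed` and `read_payload_take` are hypothetical, and the input bytes are constructed.

```rust
use std::io::{self, Cursor, Read};

/// Constructed reader, written entirely in safe Rust, that looks at the
/// caller's buffer before filling it. Nothing in the `Read` contract forbids this.
struct InspectingReader<R> {
    inner: R,
    nonzero_seen: usize, // non-zero bytes observed in buffers before they were filled
}

impl<R: Read> Read for InspectingReader<R> {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
        // Undefined behavior if the caller handed over uninitialized memory.
        self.nonzero_seen += buf.iter().filter(|&&b| b != 0).count();
        self.inner.read(buf)
    }
}

// A common shape of the pattern the advisory describes (not the crate's own code),
// kept as a comment because executing it is undefined behavior:
//     let mut buf = Vec::with_capacity(len);
//     unsafe { buf.set_len(len) };      // contents are uninitialized
//     reader.read_exact(&mut buf)?;     // user-provided Read can observe them

/// Hardened form 1 (hypothetical helper): zero the buffer before lending it out.
fn read_payload_zeroed<R: Read>(reader: &mut R, len: usize) -> io::Result<Vec<u8>> {
    let mut buf = vec![0u8; len];
    reader.read_exact(&mut buf)?;
    Ok(buf)
}

/// Hardened form 2 (hypothetical helper): let `read_to_end` grow the Vec, so
/// the standard library initializes whatever it passes to `read`.
fn read_payload_take<R: Read>(reader: &mut R, len: usize) -> io::Result<Vec<u8>> {
    let mut buf = Vec::new();
    reader.by_ref().take(len as u64).read_to_end(&mut buf)?;
    if buf.len() != len {
        return Err(io::ErrorKind::UnexpectedEof.into());
    }
    Ok(buf)
}

fn main() -> io::Result<()> {
    // Constructed input: five payload bytes standing in for a MessagePack body.
    let mut r = InspectingReader { inner: Cursor::new(b"hello".to_vec()), nonzero_seen: 0 };
    let payload = read_payload_zeroed(&mut r, 5)?;
    println!("payload={:?} nonzero bytes seen before fill={}", payload, r.nonzero_seen);
    Ok(())
}
```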

Advisory available under CC0-1.0 license.