- Reported:
- Issued:
- Package: messagepack-rs (crates.io)
- Type: Vulnerability
- Categories:
- Aliases:
- References:
- Patched: no patched versions

Description

Affected versions of this crate passed an uninitialized buffer to a user-provided Read instance in:

- deserialize_binary
- deserialize_string
- deserialize_extension_others
- deserialize_string_primitive

This can result in safe Read implementations reading from the uninitialized buffer, leading to undefined behavior.
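
The following is an added example, not code from messagepack-rs or from the advisory: it shows the usual shape of this bug class in a comment and a sound replacement for reading a length-prefixed payload. The names read_payload, max_len and PeekingReader are hypothetical, and the sample input is constructed.

```rust
use std::io::{self, Read};

// Usual shape of this bug class (an assumption, not copied from the crate):
//     let mut buf = Vec::with_capacity(len);
//     unsafe { buf.set_len(len) };    // contents are uninitialized
//     reader.read_exact(&mut buf)?;   // a safe Read impl may read them: UB

/// Hypothetical helper: read exactly `len` payload bytes into a buffer that is
/// fully initialized before the caller-supplied reader ever sees it.
pub fn read_payload<R: Read>(reader: &mut R, len: usize, max_len: usize) -> io::Result<Vec<u8>> {
    // The length comes from untrusted input, so bound it before allocating.
    if len > max_len {
        return Err(io::Error::new(io::ErrorKind::InvalidData, "declared length too large"));
    }
    let mut buf = vec![0u8; len]; // zero-filled: every byte is initialized
    reader.read_exact(&mut buf)?; // UnexpectedEof if the input is truncated
    Ok(buf)
}

/// Constructed reader: entirely safe code that inspects the destination
/// buffer before filling it, which `Read` does not forbid.
pub struct PeekingReader<'a> {
    pub data: &'a [u8],
    pub saw_nonzero: bool,
}

impl Read for PeekingReader<'_> {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
        // Safe Rust treats &mut [u8] as initialized, so this read is legal;
        // with an uninitialized buffer it would be undefined behavior.
        self.saw_nonzero |= buf.iter().any(|&b| b != 0);
        self.data.read(buf) // copies from the slice and advances it
    }
}

fn main() {
    // Constructed sample input.
    let mut r = PeekingReader { data: b"hello world", saw_nonzero: false };
    let payload = read_payload(&mut r, 5, 1024).unwrap();
    println!("payload={:?} saw_nonzero={}", payload, r.saw_nonzero);
}
```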

Advisory available under CC0-1.0 license.