RUSTSEC-2021-0092

Deserialization functions pass uninitialized memory to user-provided Read

Issued
Package
messagepack-rs (crates.io)
Type
Vulnerability
Categories
  • memory-exposure
Details
https://github.com/otake84/messagepack-rs/issues/2
Patched
no patched versions

Description

Affected versions of this crate passed an uninitialized buffer to a user-provided Read instance in:

This can result in safe Read implementations reading from the uninitialized buffer, leading to undefined behavior.
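
The following is an added example, not code from messagepack-rs or from the advisory: it shows why a safe Read implementation may legally inspect the buffer it is given, and two ways a deserializer can hand it initialized memory. The names InspectingReader, read_payload_zeroed and read_payload_take are hypothetical, and the unsound form in the comment is an assumed typical shape, since the page does not list the affected functions.

```rust
use std::io::{self, Read};

/// Hypothetical safe `Read` impl that inspects the caller's buffer before filling it.
/// This is legal in safe Rust, so callers must hand it initialized memory.
struct InspectingReader<'a> {
    data: &'a [u8], // constructed sample input
    saw_nonzero: bool,
}

impl<'a> Read for InspectingReader<'a> {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
        // Reading `buf` here is undefined behavior if the caller left it uninitialized.
        self.saw_nonzero |= buf.iter().any(|&b| b != 0);
        let n = self.data.len().min(buf.len());
        buf[..n].copy_from_slice(&self.data[..n]);
        self.data = &self.data[n..];
        Ok(n)
    }
}

// Typical unsound form (assumed; the page does not list the affected functions):
//     let mut buf = Vec::with_capacity(len);
//     unsafe { buf.set_len(len) };
//     reader.read_exact(&mut buf)?;

/// Fix 1: zero-initialize the buffer before the reader can observe it.
fn read_payload_zeroed<R: Read>(reader: &mut R, len: usize) -> io::Result<Vec<u8>> {
    let mut buf = vec![0u8; len];
    reader.read_exact(&mut buf)?;
    Ok(buf)
}

/// Fix 2: let std grow the Vec, so a short input fails without a `len`-sized allocation.
fn read_payload_take<R: Read>(reader: &mut R, len: usize) -> io::Result<Vec<u8>> {
    let mut buf = Vec::new();
    reader.by_ref().take(len as u64).read_to_end(&mut buf)?;
    if buf.len() != len {
        return Err(io::ErrorKind::UnexpectedEof.into());
    }
    Ok(buf)
}

fn main() -> io::Result<()> {
    let mut r = InspectingReader { data: b"constructed sample", saw_nonzero: false };
    let head = read_payload_zeroed(&mut r, 11)?;
    let tail = read_payload_take(&mut r, 7)?;
    println!("{:?} {:?} saw_nonzero={}", head, tail, r.saw_nonzero);
    Ok(())
}
```

The second form also suits length prefixes taken from untrusted input, because the allocation grows with the bytes actually received rather than with the declared length.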