RUSTSEC-2021-0092
Deserialization functions pass uninitialized memory to user-provided Read
- Reported
- Issued
- Package
- messagepack-rs (crates.io)
- Type
- Vulnerability
- Categories
- Aliases
- References
- Patched
- no patched versions
Description
Affected versions of this crate passed an uninitialized buffer to a
user-provided Read instance in:
deserialize_binarydeserialize_stringdeserialize_extension_othersdeserialize_string_primitive
This can result in safe Read implementations reading from the uninitialized
buffer leading to undefined behavior.
Advisory available under CC0-1.0 license.