- Reported
-
- Issued
-
- Package
-
buffered-reader
(crates.io)
- Type
-
Vulnerability
- Categories
-
- Keywords
-
#panic
- Aliases
-
- References
-
- Patched
-
>=1.0.2, <1.1.0>=1.1.5, <1.2.0>=1.2.0
Description
Affected versions of the crate have a bug where attacker-controlled
input can result in the use of an out-of-bound array index. Rust
detects the use of the out-of-bound index and causes the application
to panic. An attacker may be able to use this to cause a
denial-of-service. However, it is not possible for an attacker to
read from or write to the application's address space.
Advisory available under CC0-1.0
license.