advisory-db/crates/messagepack-rs/RUSTSEC-2021-0092.md
2023-06-13 15:10:24 +02:00

[advisory]
id = "RUSTSEC-2021-0092"
package = "messagepack-rs"
date = "2021-01-26"
url = "https://github.com/otake84/messagepack-rs/issues/2"
categories = ["memory-exposure"]
aliases = ["CVE-2021-45690", "CVE-2021-45691", "CVE-2021-45692", "CVE-2021-45693", "GHSA-hr52-f9vp-582c", "GHSA-jqjj-r4qp-x2gh", "GHSA-jwfh-j623-m97h", "GHSA-m325-rxjv-pwph", "GHSA-vw5m-qw2r-m923"]

[versions]
patched = []

Deserialization functions pass uninitialized memory to user-provided Read

Affected versions of this crate passed an uninitialized buffer to a user-provided Read instance in:

  • deserialize_binary
  • deserialize_string
  • deserialize_extension_others
  • deserialize_string_primitive

This can result in safe Read implementations reading from the uninitialized buffer, leading to undefined behavior.
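The following is an added illustration of the bug class described above and of the defensive pattern that avoids it; it is not code from messagepack-rs. It parses the MessagePack bin 8 / bin 16 / bin 32 framing (type bytes 0xc4, 0xc5, 0xc6 followed by a big-endian length and the payload, per the MessagePack spec) into a buffer that is zero-initialised before it is handed to the caller's Read. The PeekingReader type is a constructed, safe Read implementation that does what the advisory warns about: it inspects the bytes already in the buffer before overwriting them. The MAX_BIN_LEN limit, the function names and the sample input are assumptions made for this example.

```rust
use std::io::{self, Read};

/// Upper bound on what we allocate up front for one bin value
/// (illustrative constant; a real decoder picks a limit that fits its use).
pub const MAX_BIN_LEN: usize = 64 * 1024 * 1024;

/// Reads a MessagePack bin 8 / bin 16 / bin 32 value without ever handing the
/// `Read` implementation an uninitialised buffer: the payload buffer is
/// created with `vec![0u8; len]`, so every byte a `Read` impl can observe is
/// defined, even if the impl reads the buffer before writing to it.
pub fn deserialize_binary_safe<R: Read>(r: &mut R) -> io::Result<Vec<u8>> {
    let mut tag = [0u8; 1];
    r.read_exact(&mut tag)?;
    let len = match tag[0] {
        0xc4 => {
            let mut b = [0u8; 1];
            r.read_exact(&mut b)?;
            b[0] as usize
        }
        0xc5 => {
            let mut b = [0u8; 2];
            r.read_exact(&mut b)?;
            u16::from_be_bytes(b) as usize
        }
        0xc6 => {
            let mut b = [0u8; 4];
            r.read_exact(&mut b)?;
            u32::from_be_bytes(b) as usize
        }
        other => {
            return Err(io::Error::new(
                io::ErrorKind::InvalidData,
                format!("not a bin type byte: 0x{:02x}", other),
            ))
        }
    };
    // The length comes from untrusted input: cap it before allocating.
    if len > MAX_BIN_LEN {
        return Err(io::Error::new(io::ErrorKind::InvalidData, "bin length exceeds limit"));
    }
    let mut buf = vec![0u8; len]; // zero-initialised, never `set_len` on spare capacity
    r.read_exact(&mut buf)?;
    Ok(buf)
}

/// Constructed, safe `Read` impl that records what was in `buf` before it
/// writes to it. Against an uninitialised buffer that read would be undefined
/// behaviour; against the zeroed buffer above it only ever sees zeros.
pub struct PeekingReader<'a> {
    data: &'a [u8],
    pub observed: Vec<u8>,
}

impl<'a> PeekingReader<'a> {
    pub fn new(data: &'a [u8]) -> Self {
        Self { data, observed: Vec::new() }
    }
}

impl Read for PeekingReader<'_> {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
        let n = buf.len().min(self.data.len());
        self.observed.extend_from_slice(&buf[..n]); // reads buf before writing it
        buf[..n].copy_from_slice(&self.data[..n]);
        self.data = &self.data[n..];
        Ok(n)
    }
}

/// Demo: decode a constructed bin 8 value ("abcd") through the peeking reader
/// and return (payload, bytes the reader observed before they were written).
pub fn demo() -> io::Result<(Vec<u8>, Vec<u8>)> {
    let input = [0xc4, 0x04, b'a', b'b', b'c', b'd']; // constructed sample input
    let mut reader = PeekingReader::new(&input);
    let payload = deserialize_binary_safe(&mut reader)?;
    Ok((payload, reader.observed))
}

fn main() {
    let (payload, observed) = demo().expect("valid input");
    println!("payload = {:?}", payload);
    println!("bytes the reader saw before writing = {:?}", observed);
}
```

The zero-fill costs one memset per value; where that matters, `r.by_ref().take(len as u64).read_to_end(&mut buf)` lets the standard library grow the Vec itself and also never exposes uninitialised memory. What must not be done is `Vec::with_capacity(len)` followed by `set_len(len)` before the read: that is the pattern this advisory describes, and a truncated input (caught here by `read_exact` returning `UnexpectedEof`) would additionally leave garbage in the returned value.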