GitHub Advisory DatabaseGHSA-W5CR-FRPH-HW7FUse of uninitialized buffer in rkyv
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
53.8%
An issue was discovered in the rkyv crate before 0.6.0 for Rust. When an archive is created via serialization, the archive content may contain uninitialized values of certain parts of a struct.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| rkyv_project | rkyv | * | cpe:2.3:a:rkyv_project:rkyv:*:*:*:*:*:rust:*:* |
References
github.com/advisories/GHSA-w5cr-frph-hw7f
github.com/djkoloski/rkyv/commit/9c65ae9c2c67dd949b5c3aba9b8eba6da802ab7e
github.com/djkoloski/rkyv/commit/f141b560523a20557db6540576d153010bd18712
github.com/djkoloski/rkyv/issues/113
nvd.nist.gov/vuln/detail/CVE-2021-31919
rustsec.org/advisories/RUSTSEC-2021-0054.html
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
53.8%