GitHub Advisory DatabaseGHSA-W9VV-Q986-VJ7XOut of bounds read in uu_od
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS
Percentile
48.3%
An issue was discovered in PartialReader in the uu_od crate before 0.0.4 for Rust. Attackers can read the contents of uninitialized memory locations via a user-provided Read operation.
Affected configurations
References
github.com/advisories/GHSA-w9vv-q986-vj7x
github.com/uutils/coreutils/commit/39d62c6c1f809022c903180471c10fde6ecd12d1
github.com/uutils/coreutils/commit/5935876f38498b0c1f657d031171eb17028def6f
github.com/uutils/coreutils/commit/7341a1a033aa5980ac59bc9d4df978b396de4fad
github.com/uutils/coreutils/issues/1729
github.com/uutils/coreutils/pull/1730
github.com/uutils/coreutils/pull/1738
github.com/uutils/coreutils/pull/1739
nvd.nist.gov/vuln/detail/CVE-2021-29934
rustsec.org/advisories/RUSTSEC-2021-0043.html
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS
Percentile
48.3%