Lucene search

[email protected]NVD:CVE-2021-31919

HistoryApr 30, 2021 - 3:15 a.m.

CVE-2021-31919

2021-04-3003:15:07

CWE-909

[email protected]

web.nvd.nist.gov

rkyv crate

rust

uninitialized values

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

53.8%

JSON

An issue was discovered in the rkyv crate before 0.6.0 for Rust. When an archive is created via serialization, the archive content may contain uninitialized values of certain parts of a struct.

Affected configurations

Nvd

Node

rkyv_projectrkyvRange<0.6.0rust

VendorProductVersionCPE
rkyv_projectrkyv*cpe:2.3:a:rkyv_project:rkyv:*:*:*:*:*:rust:*:*

Vendor	Product	Version	CPE
rkyv_project	rkyv	*	cpe:2.3:a:rkyv_project:rkyv::::::rust::*

References

rustsec.org/advisories/RUSTSEC-2021-0054.html

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

53.8%

JSON

Related for NVD:CVE-2021-31919

prion1 osv3 cvelist1 github1 cve1 rustsec1