Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-QWVX-C8J7-5G75
HistoryJan 06, 2022 - 10:09 p.m.

Use of Uninitialized Resource in tectonic_xdv

2022-01-0622:09:19
Google
osv.dev
6
tectonic_xdv
uninitialized resource
memory exposure
undefined behavior
zero-initializing buffer

EPSS

0.002

Percentile

62.1%

JSON

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation.

Arbitrary Read implementations can read from the uninitialized buffer (memory exposure) and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory produces undefined values that can quickly invoke undefined behavior.

The problem was fixed in commit cdff034 by zero-initializing the buffer before passing it to a user-provided Read implementation.

Related

cnvd 1
cve 1
prion 1
rustsec 1
nvd 1
github 1
osv 2
cvelist 1
cnvd
cnvd
Mozilla Rust has an unspecified vulnerability (CNVD-2022-03127)
2021-12-28 00:00:00
cve
cve
CVE-2021-45703
2021-12-27 00:15:09
prion
prion
Memory corruption
2021-12-27 00:15:00
rustsec
rustsec
`Read` on uninitialized buffer may cause UB ('tectonic_xdv' crate)
2021-02-17 12:00:00
nvd
nvd
CVE-2021-45703
2021-12-27 00:15:09
github
github
Use of Uninitialized Resource in tectonic_xdv
2022-01-06 22:09:19
osv
osv
`Read` on uninitialized buffer may cause UB ('tectonic_xdv' crate)
2021-02-17 12:00:00
`Read` on uninitialized buffer may cause UB ('tectonic_xdv' crate)
2022-06-17 00:24:29
cvelist
cvelist
CVE-2021-45703
2021-12-26 21:48:44

EPSS

0.002

Percentile

62.1%

JSON
Related for OSV:GHSA-QWVX-C8J7-5G75
cnvd1cve1prion1rustsec1nvd1github1osv2cvelist1