Lucene search
GoogleOSV:RUSTSEC-2021-0015HistoryJan 06, 2021 - 12:00 p.m.
`Sectors::get` accesses unclaimed/uninitialized memory
2021-01-0612:00:00
Google
osv.dev
4
sectors::get|unclaimed memory|uninitialized memory|vec::set_len|overwriting memory|security issue|user-provided read|heap memory|ub in rust|affected version
EPSS
0.005
Percentile
76.7%
Affected versions of this crate arbitrarily calls Vec::set_len to increase length of a vector without claiming more memory for the vector. Affected versions of this crate
also calls user-provided Read on the uninitialized memory of the vector that was
extended with Vec::set_len.
This can overwrite active entities in adjacent heap memory and seems to be a major security issue. Also, calling user-provided Read on uninitialized memory is defined as UB in Rust.
Related
cve
cve
CVE-2021-26951
2021-02-09 23:15:13
cvelist
cvelist
CVE-2021-26951
2021-02-09 22:07:49
prion
prion
Design/Logic Flaw
2021-02-09 23:15:00
github
github
Out of bounds write in calamine
2021-08-25 20:53:25
rustsec
rustsec
`Sectors::get` accesses unclaimed/uninitialized memory
2021-01-06 12:00:00
osv
osv
Out of bounds write in calamine
2021-08-25 20:53:25
CVE-2021-26951
2021-02-09 23:15:13
nvd
nvd
CVE-2021-26951
2021-02-09 23:15:13