Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
rustsecRustsecRUSTSEC-2021-0015
HistoryJan 06, 2021 - 12:00 p.m.

`Sectors::get` accesses unclaimed/uninitialized memory

2021-01-0612:00:00
rustsec.org
9
sectors
memory access
security issue
rust
ub

EPSS

0.005

Percentile

76.7%

JSON

Affected versions of this crate arbitrarily calls Vec::set_len to increase length of a vector without claiming more memory for the vector. Affected versions of this crate
also calls user-provided Read on the uninitialized memory of the vector that was
extended with Vec::set_len.

This can overwrite active entities in adjacent heap memory and seems to be a major security issue. Also, calling user-provided Read on uninitialized memory is defined as UB in Rust.

Related

cvelist 1
cve 1
prion 1
osv 3
github 1
nvd 1
cvelist
cvelist
CVE-2021-26951
2021-02-09 22:07:49
cve
cve
CVE-2021-26951
2021-02-09 23:15:13
prion
prion
Design/Logic Flaw
2021-02-09 23:15:00
osv
osv
`Sectors::get` accesses unclaimed/uninitialized memory
2021-01-06 12:00:00
Out of bounds write in calamine
2021-08-25 20:53:25
CVE-2021-26951
2021-02-09 23:15:13
github
github
Out of bounds write in calamine
2021-08-25 20:53:25
nvd
nvd
CVE-2021-26951
2021-02-09 23:15:13

EPSS

0.005

Percentile

76.7%

JSON
Related for RUSTSEC-2021-0015
cvelist1cve1prion1osv3github1nvd1