Lucene search
RustsecRUSTSEC-2021-0112HistoryFeb 17, 2021 - 12:00 p.m.
`Read` on uninitialized buffer may cause UB ('tectonic_xdv' crate)
2021-02-1712:00:00
rustsec.org
9
uninitialized buffer
tectonic_xdv crate
read implementation
memory exposure
undefined behavior
zero-initialization
security vulnerability
commit cdff034.
EPSS
0.002
Percentile
62.1%
Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation.
Arbitrary Read implementations can read from the uninitialized buffer (memory exposure) and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory produces undefined values that can quickly invoke undefined behavior.
The problem was fixed in commit cdff034 by zero-initializing the buffer before passing it to a user-provided Read implementation.
Related
cnvd
cnvd
Mozilla Rust has an unspecified vulnerability (CNVD-2022-03127)
2021-12-28 00:00:00
cve
cve
CVE-2021-45703
2021-12-27 00:15:09
prion
prion
Memory corruption
2021-12-27 00:15:00
osv
osv
Use of Uninitialized Resource in tectonic_xdv
2022-01-06 22:09:19
`Read` on uninitialized buffer may cause UB ('tectonic_xdv' crate)
2021-02-17 12:00:00
`Read` on uninitialized buffer may cause UB ('tectonic_xdv' crate)
2022-06-17 00:24:29
nvd
nvd
CVE-2021-45703
2021-12-27 00:15:09
github
github
Use of Uninitialized Resource in tectonic_xdv
2022-01-06 22:09:19
cvelist
cvelist
CVE-2021-45703
2021-12-26 21:48:44