212 matches found
GHSA-HMX9-JM3V-33HV InputStream::read_exact : `Read` on uninitialized buffer causes UB
Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...
InputStream::read_exact : `Read` on uninitialized buffer causes UB
Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...
`Read` on uninitialized buffer can cause UB (impl of `ReadKVExt`)
Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...
GHSA-72R2-RG28-47V9 `read` on uninitialized buffer may cause UB (bite::read::BiteReadExpandedExt::read_framed_max)
Affected versions of this crate calls a user provided Read implementation on an uninitialized buffer. Read on uninitialized buffer is defined as undefined behavior in Rust...
GHSA-HV9V-7W3V-RJ6F `Read` on uninitialized buffer in `fill_buf()` and `read_up_to()`
Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...
`Read` on uninitialized buffer in `fill_buf()` and `read_up_to()`
Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...
Denial of Service (DoS)
Overview @discordjs/opus is a native bindings to libopus. Affected versions of this package are vulnerable to Denial of Service DoS when trying to encode using an encoder with zero channels, or a non-initialized buffer. This leads to a hard crash. PoC // Zero channels: javascript const OpusEncode...
Mageia: Security Advisory (MGASA-2017-0367)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CLSA-2022-1643198602 Fix of CVE: CVE-2020-10001
CVE-2020-10001: 1927452 cups: access to uninitialized buffer in ipp.c rhel-8...
columnar: Read on uninitialized buffer may cause UB (ColumnarReadExt::read_typed_vec())
Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation ColumnarReadExt::readtypedvec. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading...
GHSA-FF2R-XPWQ-6WHJ Use of Uninitialized Resource in gfx-auxil
Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...
Moderate: Red Hat Security Advisory: cups security and bug fix update
An update for cups is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...
cups: access to uninitialized buffer in ipp.c
An input validation issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to read restricted memory...
Moderate: cups security and bug fix update
The Common UNIX Printing System CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fixes: cups: access to uninitialized buffer in ipp.c CVE-2020-10001 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...
Incorrect use of `set_len` allows for un-initialized memory
Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...
Use of uninitialized buffer in rkyv
An issue was discovered in the rkyv crate before 0.6.0 for Rust. When an archive is created via serialization, the archive content may contain uninitialized values of certain parts of a struct...
GHSA-W5CR-FRPH-HW7F Use of uninitialized buffer in rkyv
An issue was discovered in the rkyv crate before 0.6.0 for Rust. When an archive is created via serialization, the archive content may contain uninitialized values of certain parts of a struct...
GHSA-GVCP-948F-8F2P Use of Uninitialized Resource in libp2p-deflate
An issue was discovered in the libp2p-deflate crate before 0.27.1 for Rust. An uninitialized buffer is passed to AsyncRead::pollread, which is a user-provided trait function...
Use of Uninitialized Resource in libp2p-deflate
An issue was discovered in the libp2p-deflate crate before 0.27.1 for Rust. An uninitialized buffer is passed to AsyncRead::pollread, which is a user-provided trait function...
GHSA-6WP2-FW3V-MFMC Memory corruption in array-tools
An issue was discovered in the array-tools crate before 0.3.2 for Rust. Affected versions of this crate don't guard against panics, so that partially uninitialized buffer is dropped when user-provided T::clone panics in FixedCapacityDequeLike::clone. This causes memory corruption...