GHSA-GVCP-948F-8F2P Use of Uninitialized Resource in libp2p-deflate

An issue was discovered in the libp2p-deflate crate before 0.27.1 for Rust. An uninitialized buffer is passed to AsyncRead::pollread, which is a user-provided trait function...

CVE-2020-36443

An issue was discovered in the libp2p-deflate crate before 0.27.1 for Rust. An uninitialized buffer is passed to AsyncRead::pollread, which is a user-provided trait function...

Code injection

An issue was discovered in the libp2p-deflate crate before 0.27.1 for Rust. An uninitialized buffer is passed to AsyncRead::pollread, which is a user-provided trait function...

CVE-2020-36443

An issue was discovered in the libp2p-deflate crate before 0.27.1 for Rust. An uninitialized buffer is passed to AsyncRead::pollread, which is a user-provided trait function...

CVE-2020-36443

CVE-2020-36443 affects the libp2p-deflate crate prior to 0.27.1 for Rust. Root cause: an uninitialized buffer is passed to AsyncRead::poll_read(), invoked by a user-provided trait implementation. Impact: potential memory exposure from uninitialized memory; CVSS v3.1 base score 9.8 (CRITICAL), net...

Contents of uninitialized memory exposed in DeflateOutput's AsyncRead implementation

Affected versions of this crate passes an uninitialized buffer to a user-provided trait function AsyncRead::pollread. Arbitrary AsyncRead::pollread implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading...

RUSTSEC-2020-0123 Contents of uninitialized memory exposed in DeflateOutput's AsyncRead implementation

Affected versions of this crate passes an uninitialized buffer to a user-provided trait function AsyncRead::pollread. Arbitrary AsyncRead::pollread implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading...