EUVD-2021-1636

Malware in sbrugna...

CVE-2018-20992

An issue was discovered in the claxon crate before 0.4.1 for Rust. Uninitialized memory can be exposed because certain decode buffer sizes are mishandled...

GHSA-8C6G-4XC5-W96C Uninitialized memory exposure in claxon

Affected versions of Claxon made an invalid assumption about the decode buffer size being a multiple of a value read from the bitstream. This could cause parts of the decode buffer to not be overwritten. If the decode buffer was newly allocated and uninitialized, this uninitialized memory could b...

audrey (=0.1.0) potentially affected by CVE-2018-20992 via claxon (=0.2.1)

claxon CARGO version =0.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on claxon and may be impacted: - audrey =0.1.0 Source cves: CVE-2018-20992 Source advisory: OSV:GHSA-8C6G-4XC5-W96C...

Uninitialized memory exposure in claxon

Affected versions of Claxon made an invalid assumption about the decode buffer size being a multiple of a value read from the bitstream. This could cause parts of the decode buffer to not be overwritten. If the decode buffer was newly allocated and uninitialized, this uninitialized memory could b...

CVE-2018-20992

An issue was discovered in the claxon crate before 0.4.1 for Rust. Uninitialized memory can be exposed because certain decode buffer sizes are mishandled...

CVE-2018-20992

An issue was discovered in the claxon crate before 0.4.1 for Rust. Uninitialized memory can be exposed because certain decode buffer sizes are mishandled...

Code injection

An issue was discovered in the claxon crate before 0.4.1 for Rust. Uninitialized memory can be exposed because certain decode buffer sizes are mishandled...

CVE-2018-20992

An issue was discovered in the claxon crate before 0.4.1 for Rust. Uninitialized memory can be exposed because certain decode buffer sizes are mishandled...

CVE-2018-20992

The CVE-2018-20992 issue affects the Rust Claxon crate (pre-0.4.1). A decode-buffer size handling flaw allowed uninitialized memory to be exposed; parts of the decode buffer could be overwritten or revealed depending on the bitstream value. Public descriptions (e.g., GHSA and RustSec advisories) ...

RUSTSEC-2018-0004 Malicious input could cause uninitialized memory to be exposed

Affected versions of Claxon made an invalid assumption about the decode buffer size being a multiple of a value read from the bitstream. This could cause parts of the decode buffer to not be overwritten. If the decode buffer was newly allocated and uninitialized, this uninitialized memory could b...

audrey (=0.1.0) potentially affected by CVE-2018-20992 via claxon (=0.2.1)

claxon CARGO version =0.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on claxon and may be impacted: - audrey =0.1.0 Source cves: CVE-2018-20992 Source advisory: OSV:RUSTSEC-2018-0004...

Malicious input could cause uninitialized memory to be exposed

Affected versions of Claxon made an invalid assumption about the decode buffer size being a multiple of a value read from the bitstream. This could cause parts of the decode buffer to not be overwritten. If the decode buffer was newly allocated and uninitialized, this uninitialized memory could b...