EUVD-2021-1656

Malware in sbrugna...

Memory corruption

An issue was discovered in the ms3d crate before 0.1.3 for Rust. It might allow attackers to obtain sensitive information from uninitialized memory locations via IoReader::read...

Rust 信息泄露漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. An information disclosure vulnerability exists in versions of Rust prior to 0.1.3, which can be exploited to obtain sensitive information via a memory location that is never initialized by IoReader :: read...

`IoReader::read()`: user-provided `Read` on uninitialized buffer may cause UB

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...

RUSTSEC-2021-0016 `IoReader::read()`: user-provided `Read` on uninitialized buffer may cause UB

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...