30 matches found
CVE-2021-26308
An issue was discovered in the marc crate before 2.0.0 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated memory, violating soundness...
mz-avro's incorrect use of `set_len` allows for un-initialized memory
Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...
GHSA-JWH2-VRR9-VCP2 mz-avro's incorrect use of `set_len` allows for un-initialized memory
Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...
Duplicate Advisory: `Read` on uninitialized buffer may cause UB ('tectonic_xdv' crate)
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qwvx-c8j7-5g75. This link is maintained to preserve external references. Original Description Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read...
GHSA-6692-8QQF-79JC Duplicate Advisory: `Read` on uninitialized buffer may cause UB ('tectonic_xdv' crate)
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qwvx-c8j7-5g75. This link is maintained to preserve external references. Original Description Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read...
GHSA-Q579-9WP9-GFP2 Window can read out of bounds if Read instance returns more bytes than buffer size
rdiff performs a diff of two provided strings or files. As part of its reading code it uses the return value of a Read instance to set the length of its internal character vector. If the Read implementation claims that it has read more bytes than the length of the provided buffer, the length of t...
Window can read out of bounds if Read instance returns more bytes than buffer size
rdiff performs a diff of two provided strings or files. As part of its reading code it uses the return value of a Read instance to set the length of its internal character vector. If the Read implementation claims that it has read more bytes than the length of the provided buffer, the length of t...
Reading on uninitialized buffer may cause UB ( `gfx_auxil::read_spirv()` )
Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...
`Read` on uninitialized buffer may cause UB ( `read_entry()` )
Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. There are two of such cases gooffsetlog::readentry & offsetlog::readentry. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect...
Reading on uninitialized memory may cause UB ( `util::read_spv()` )
Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...
Use of Uninitialized Resource in tectonic_xdv
Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...
Incorrect use of `set_len` allows for un-initialized memory
Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...
GHSA-37JJ-WP7G-7WJ4 Read of uninitialized memory in cdr
An issue was discovered in Deserializer::readvec in the cdr crate before 0.2.4 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated heap memory, violating soundness...
Read of uninitialized memory in cdr
An issue was discovered in Deserializer::readvec in the cdr crate before 0.2.4 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated heap memory, violating soundness...
`Read` on uninitialized buffer may cause UB ('tectonic_xdv' crate)
Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...
CVE-2021-26953
An issue was discovered in the postscript crate before 0.14.0 for Rust. It might allow attackers to obtain sensitive information from uninitialized memory locations via a user-provided Read implementation...
CVE-2021-26953
An issue was discovered in the postscript crate before 0.14.0 for Rust. It might allow attackers to obtain sensitive information from uninitialized memory locations via a user-provided Read implementation...
CVE-2021-26953
An issue was discovered in the postscript crate before 0.14.0 for Rust. It might allow attackers to obtain sensitive information from uninitialized memory locations via a user-provided Read implementation...
CVE-2021-26305
An issue was discovered in Deserializer::readvec in the cdr crate before 0.2.4 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated heap memory, violating soundness...
Heap overflow
An issue was discovered in Deserializer::readvec in the cdr crate before 0.2.4 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated heap memory, violating soundness...