An issue was discovered in Deserializer::read_vec in the cdr crate before 0.2.4 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated heap memory, violating soundness.
{ "nvd_published_at": null, "github_reviewed_at": "2021-08-19T17:53:09Z", "severity": "CRITICAL", "github_reviewed": true, "cwe_ids": [ "CWE-908" ] }
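The defensive pattern for this bug class (CWE-908), shown as an added example that is not code from the cdr crate: the destination buffer is fully initialized before an untrusted Read implementation can see it. SnoopingReader, read_vec_zeroed and read_vec_take are hypothetical names, and the input bytes are constructed.

```rust
use std::io::{self, Read};

/// Models an untrusted `Read` impl: it records whatever bytes are already in
/// the destination buffer before overwriting them. (Hypothetical type.)
struct SnoopingReader<'a> {
    data: &'a [u8],
    observed: Vec<u8>,
}

impl<'a> Read for SnoopingReader<'a> {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
        self.observed.extend_from_slice(buf); // contents handed over by the caller
        let n = buf.len().min(self.data.len());
        buf[..n].copy_from_slice(&self.data[..n]);
        self.data = &self.data[n..];
        Ok(n)
    }
}

/// Hardened form 1: allocate zero-filled storage, then fill it.
/// The reader can only ever observe zeros, never stale heap contents.
fn read_vec_zeroed<R: Read>(reader: &mut R, len: usize) -> io::Result<Vec<u8>> {
    let mut buf = vec![0u8; len];
    reader.read_exact(&mut buf)?;
    Ok(buf)
}

/// Hardened form 2: let the standard library grow the vector through a
/// length-limited adapter; no `unsafe` and no manual length bookkeeping.
fn read_vec_take<R: Read>(reader: &mut R, len: usize) -> io::Result<Vec<u8>> {
    let mut buf = Vec::new();
    let got = reader.by_ref().take(len as u64).read_to_end(&mut buf)?;
    if got != len {
        return Err(io::Error::new(io::ErrorKind::UnexpectedEof, "short read"));
    }
    Ok(buf)
}

fn main() -> io::Result<()> {
    // Constructed sample input.
    let mut r = SnoopingReader { data: &[1, 2, 3, 4, 5], observed: Vec::new() };
    let v = read_vec_zeroed(&mut r, 4)?;
    println!("decoded {:?}, reader observed {:?}", v, r.observed);
    Ok(())
}
```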