GHSA-cgmg-2v6m-fjg7

Source
https://github.com/advisories/GHSA-cgmg-2v6m-fjg7
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-cgmg-2v6m-fjg7/GHSA-cgmg-2v6m-fjg7.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-cgmg-2v6m-fjg7
Aliases
Published
2021-08-25T20:50:41Z
Modified
2023-11-08T04:03:41.720212Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Free of uninitialized memory in autorand
Details

An issue was discovered in the autorand crate before 0.2.3 for Rust. Because of impl Random on arrays, uninitialized memory can be dropped when a panic occurs, leading to memory corruption.

Database specific
{
    "nvd_published_at": null,
    "github_reviewed_at": "2021-08-19T18:53:20Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-908"
    ]
}
References

Affected packages

crates.io / autorand

Package

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.2.3