GHSA-m325-rxjv-pwph
Suggest an improvement- Source
- https://github.com/advisories/GHSA-m325-rxjv-pwph
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-m325-rxjv-pwph/GHSA-m325-rxjv-pwph.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-m325-rxjv-pwph
- Aliases
-
- CVE-2021-45690
- CVE-2021-45691
- CVE-2021-45692
- CVE-2021-45693
- GHSA-hr52-f9vp-582c
- GHSA-jqjj-r4qp-x2gh
- GHSA-jwfh-j623-m97h
- GHSA-vw5m-qw2r-m923
- RUSTSEC-2021-0092
- Published
- 2022-06-17T00:11:41Z
- Modified
- 2024-03-15T00:05:17.689306Z
- Summary
- Deserialization functions pass uninitialized memory to user-provided Read
- Details
-
Affected versions of this crate passed an uninitialized buffer to a user-provided
Readinstance in:deserialize_binarydeserialize_stringdeserialize_extension_othersdeserialize_string_primitive
This can result in safe
Readimplementations reading from the uninitialized buffer leading to undefined behavior. - Database specific
{ "github_reviewed_at": "2022-06-17T00:11:41Z", "cwe_ids": [], "severity": "HIGH", "github_reviewed": true, "nvd_published_at": null }- References
Affected packages
crates.io / messagepack-rs
Package
- Name
- messagepack-rs
- View open source insights on deps.dev
- Purl
- pkg:cargo/messagepack-rs