Affected versions of this crate creates an uninitialized buffer and passes it to user-provided Read
implementation.
This is unsound, because it allows safe Rust code to exhibit an undefined behavior (read from uninitialized memory).
The flaw was corrected in version 0.1.1 by zero-initializing a newly allocated buffer
before handing it to a user-provided Read
implementation.
{ "license": "CC0-1.0" }