Affected versions of ruzstd
miscalculate the length of the allocated
and init section of its internal RingBuffer
, leading to uninitialized
or out-of-bounds reads in copy_bytes_overshooting
of up to 15 bytes.
This may result in up to 15 bytes of memory contents being written into the decoded data when decompressing a crafted archive. This may occur multiple times per archive.
{ "license": "CC0-1.0" }