rustsec-2021-0012
Vulnerability from osv_rustsec
Published
2021-01-02 12:00
Modified
2023-06-13 13:10
Summary
Reading uninitialized memory can cause UB (`Deserializer::read_vec`)
Details

Deserializer::read_vec() created an uninitialized buffer and passes it to a user-provided Read implementation (Deserializer.reader.read_exact()).

Passing an uninitialized buffer to an arbitrary Read implementation is currently defined as undefined behavior in Rust. Official documentation for the Read trait explains the following: "It is your responsibility to make sure that buf is initialized before calling read. Calling read with an uninitialized buf (of the kind one obtains via MaybeUninit) is not safe, and can lead to undefined behavior."

The flaw was corrected in commit ce310f7 by zero-initializing the newly allocated buffer before handing it to Deserializer.reader.read_exact().

To clipboard 

{
  "affected": [
    {
      "database_specific": {
        "categories": [
          "memory-exposure"
        ],
        "cvss": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "informational": null
      },
      "ecosystem_specific": {
        "affected_functions": null,
        "affects": {
          "arch": [],
          "functions": [],
          "os": []
        }
      },
      "package": {
        "ecosystem": "crates.io",
        "name": "cdr",
        "purl": "pkg:cargo/cdr"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.0.0-0"
            },
            {
              "fixed": "0.2.4"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "versions": []
    }
  ],
  "aliases": [
    "CVE-2021-26305",
    "GHSA-37jj-wp7g-7wj4"
  ],
  "database_specific": {
    "license": "CC0-1.0"
  },
  "details": "`Deserializer::read_vec()` created an uninitialized buffer and passes it to a user-provided `Read` implementation (`Deserializer.reader.read_exact()`).\n\nPassing an uninitialized buffer to an arbitrary `Read` implementation is currently defined as undefined behavior in Rust. Official documentation for the `Read` trait explains the following: \"It is your responsibility to make sure that buf is initialized before calling read. Calling read with an uninitialized buf (of the kind one obtains via MaybeUninit\u003cT\u003e) is not safe, and can lead to undefined behavior.\"\n\nThe flaw was corrected in commit ce310f7 by zero-initializing the newly allocated buffer before handing it to `Deserializer.reader.read_exact()`.",
  "id": "RUSTSEC-2021-0012",
  "modified": "2023-06-13T13:10:24Z",
  "published": "2021-01-02T12:00:00Z",
  "references": [
    {
      "type": "PACKAGE",
      "url": "https://crates.io/crates/cdr"
    },
    {
      "type": "ADVISORY",
      "url": "https://rustsec.org/advisories/RUSTSEC-2021-0012.html"
    },
    {
      "type": "REPORT",
      "url": "https://github.com/hrektts/cdr-rs/issues/10"
    }
  ],
  "related": [],
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Reading uninitialized memory can cause UB (`Deserializer::read_vec`)"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.