
WS-2021-0030


Date: March 1, 2021

The read_bytes_default_le function for [T; n] arrays, used to deserialize arrays of T from bytes, created a [T; n] array with std::mem::uninitialized and then called T's deserialization method. If T's deserialization method panicked, dropping the uninitialized memory could drop invalid objects. This flaw was corrected in v0.6.1 with commit a535678377de12bc6bc22620c5f59bcc1369f76f by removing the unsafe block and using a .map function to deserialize each element of the array instead.
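
The panic-safe pattern that the fix describes, as an added example (not the affected crate's code): the array is built with `map`, and a drop counter confirms that a panic in the third element drops only the two elements already deserialized. `Tracked`, `read_elem`, `read_array` and `drops_after_panic` are hypothetical names, and the input bytes are constructed.

```rust
use std::panic::{catch_unwind, AssertUnwindSafe};
use std::sync::atomic::{AtomicUsize, Ordering};

// Counts every drop of a fully constructed element.
static DROPS: AtomicUsize = AtomicUsize::new(0);

// Hypothetical element type with a destructor (not from the affected crate).
struct Tracked(u8);

impl Drop for Tracked {
    fn drop(&mut self) {
        DROPS.fetch_add(1, Ordering::SeqCst);
    }
}

// Hypothetical element deserializer: consumes one byte and panics on 0xFF,
// standing in for a T whose deserialization method panics.
fn read_elem(bytes: &mut &[u8]) -> Tracked {
    let (first, rest) = bytes.split_first().expect("input too short");
    *bytes = rest;
    assert!(*first != 0xFF, "invalid element");
    Tracked(*first)
}

// Builds the array with `map`: a slot only exists once its element has been
// deserialized, so unwinding never runs a destructor on uninitialized memory.
fn read_array<const N: usize>(mut bytes: &[u8]) -> [Tracked; N] {
    [(); N].map(|_| read_elem(&mut bytes))
}

// Deserializes constructed input whose third element panics and returns
// (panicked, number of elements dropped during unwinding).
fn drops_after_panic() -> (bool, usize) {
    DROPS.store(0, Ordering::SeqCst);
    let input = [1u8, 2, 0xFF, 4]; // constructed sample bytes
    let result = catch_unwind(AssertUnwindSafe(|| read_array::<4>(&input)));
    (result.is_err(), DROPS.load(Ordering::SeqCst))
}

fn main() {
    let ok = read_array::<3>(&[1u8, 2, 3]);
    println!("decoded: {:?}", [ok[0].0, ok[1].0, ok[2].0]);
    drop(ok);
    println!("(panicked, drops) = {:?}", drops_after_panic());
}
```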

Language: RUST

Severity Score


Weakness Type (CWE)

Improper Initialization

CWE-665

Top Fix


Upgrade Version

Upgrade to version v0.6.1


CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): LOW
