An issue was discovered in the calamine crate before 0.17.0 for Rust. It allows attackers to overwrite heap-memory locations because Vec::set_len is used without proper memory claiming, and this uninitialized memory is used for a user-provided Read operation, as demonstrated by Sectors::get.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://rustsec.org/advisories/RUSTSEC-2021-0015.html |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-02-09T22:07:49
Updated: 2024-08-03T20:33:41.380Z
Reserved: 2021-02-09T00:00:00
Link: CVE-2021-26951
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-02-09T23:15:13.663
Modified: 2024-11-21T05:57:06.423
Link: CVE-2021-26951
Redhat
No data.