An issue was discovered in the calamine crate before 0.17.0 for Rust. It allows attackers to overwrite heap-memory locations because Vec::set_len is used without proper memory claiming, and this uninitialized memory is used for a user-provided Read operation, as demonstrated by Sectors::get.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-02-09T22:07:49

Updated: 2024-08-03T20:33:41.380Z

Reserved: 2021-02-09T00:00:00

Link: CVE-2021-26951

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-02-09T23:15:13.663

Modified: 2024-11-21T05:57:06.423

Link: CVE-2021-26951

cve-icon Redhat

No data.