PT-2018-15604 · Rust · Smallvec

Published 2018-09-25 · Updated 2024-06-15 · CVE-2018-25023

CVSS v3.1 7.5 High

Vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions

smallvec crate versions prior to 0.6.13

Description

An issue was discovered in the smallvec crate that can create an uninitialized value of any type, including a reference type. This is unsound, especially if the type is a reference type, which must be non-null and thus may not remain uninitialized. The flaw was corrected by avoiding the use of mem::uninitialized(), using MaybeUninit instead.

Recommendations

For versions prior to 0.6.13, update to version 0.6.13 or later to resolve the issue. As a temporary workaround, consider avoiding the use of mem::uninitialized() and instead use MaybeUninit to create values of a user-supplied type T.
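
The MaybeUninit pattern named in the description and recommendations, as an added example that is not code from smallvec or from this advisory. InlineBuf and its methods are hypothetical names chosen for illustration; the point is that storage for a user-supplied T is held as MaybeUninit<T> slots, so no T (including a reference) exists until a value is written.

```rust
use std::mem::MaybeUninit;

/// Hypothetical fixed-capacity inline buffer (an illustration, not smallvec's type).
/// The unsound pattern is `let data: [T; N] = mem::uninitialized();`, which claims
/// N valid `T`s exist. With `MaybeUninit<T>` slots, no `T` exists until it is written.
pub struct InlineBuf<T, const N: usize> {
    data: [MaybeUninit<T>; N],
    len: usize, // slots 0..len hold initialized values
}

impl<T, const N: usize> InlineBuf<T, N> {
    pub fn new() -> Self {
        // SAFETY: an array of `MaybeUninit<T>` has no validity requirement,
        // so an uninitialized one is already a valid value.
        let data = unsafe { MaybeUninit::<[MaybeUninit<T>; N]>::uninit().assume_init() };
        InlineBuf { data, len: 0 }
    }

    /// Stores `value` in the next free slot, or hands it back when full.
    pub fn push(&mut self, value: T) -> Result<(), T> {
        if self.len == N {
            return Err(value);
        }
        self.data[self.len].write(value);
        self.len += 1;
        Ok(())
    }

    /// Exposes only the initialized prefix; unwritten slots are never read as `T`.
    pub fn as_slice(&self) -> &[T] {
        // SAFETY: slots 0..len were written by `push`; layouts of `MaybeUninit<T>` and `T` match.
        unsafe { std::slice::from_raw_parts(self.data.as_ptr() as *const T, self.len) }
    }
}

impl<T, const N: usize> Drop for InlineBuf<T, N> {
    fn drop(&mut self) {
        for slot in &mut self.data[..self.len] {
            // SAFETY: only initialized slots are dropped.
            unsafe { slot.assume_init_drop() };
        }
    }
}

fn main() {
    let mut names: InlineBuf<&str, 4> = InlineBuf::new(); // reference type, as in the advisory
    names.push("alpha").unwrap();
    println!("{:?}", names.as_slice());
}
```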

Exploit

Fix

Use of Uninitialized Resource


Weakness Enumeration

Related Identifiers

CVE-2018-25023
GHSA-55M5-WHCV-C49C
GHSA-66P5-J55P-32R9
OPENSUSE-SU-2024:11720-1
OPENSUSE-SU-2024:11721-1
OPENSUSE-SU-2024:11729-1
RUSTSEC-2018-0018

Affected Products

Smallvec