PT-2019-14269 · Rust · Memoffset

Published: 2019-07-16 · Updated: 2021-08-25 · CVE-2019-15553

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

memoffset crate versions prior to 0.5.0

Description

An issue in the memoffset crate can cause exposure of uninitialized memory. The affected versions of this crate can lead to traps and/or memory unsafety by zero-initializing references. Additionally, they can cause uninitialized memory to be dropped if the field for which the offset is requested was behind a deref coercion, and that deref coercion caused a panic. The flaw was corrected by using MaybeUninit.

Recommendations

For versions prior to 0.5.0, update to version 0.5.0 or later to resolve the issue. As a temporary workaround, consider using MaybeUninit to prevent uninitialized memory exposure until the update is applied.
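
The MaybeUninit approach named in the description, as an added example that is not memoffset's own code: a field offset is computed without ever creating a zeroed or uninitialized value of the type, and no destructor runs on that storage. The `Record` type, the `field_offset!` macro and the `DROPS` counter are hypothetical names used only for illustration.

```rust
use std::mem::MaybeUninit;
use std::ptr::addr_of;
use std::sync::atomic::{AtomicUsize, Ordering};

// Counts destructor runs, to show that none happen on uninitialized memory.
static DROPS: AtomicUsize = AtomicUsize::new(0);

// Hypothetical type: it holds a reference (all-zero bytes are not a valid
// value for it) and has a destructor (which must never see uninitialized bytes).
#[allow(dead_code)]
#[repr(C)]
struct Record<'a> {
    tag: u8,
    name: &'a str,
    len: u32,
}

impl<'a> Drop for Record<'a> {
    fn drop(&mut self) {
        DROPS.fetch_add(1, Ordering::SeqCst);
    }
}

// Hypothetical macro, not memoffset's own implementation.
macro_rules! field_offset {
    ($ty:ty, $field:ident) => {{
        // Reserve storage without claiming it holds a valid value.
        let slot = MaybeUninit::<$ty>::uninit();
        let base: *const $ty = slot.as_ptr();
        // addr_of! computes the field address without creating a reference
        // to, or reading from, the uninitialized memory.
        let field = unsafe { addr_of!((*base).$field) };
        (field as usize) - (base as usize)
        // `slot` ends here; MaybeUninit never runs the inner destructor.
    }};
}

fn record_offsets() -> (usize, usize, usize) {
    (field_offset!(Record, tag), field_offset!(Record, name), field_offset!(Record, len))
}

fn drops_observed() -> usize {
    DROPS.load(Ordering::SeqCst)
}

fn main() {
    println!("offsets = {:?}, drops = {}", record_offsets(), drops_observed());
}
```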

Fix

Use of Uninitialized Resource

Weakness Enumeration

Related Identifiers

CVE-2019-15553
GHSA-RH89-X75F-RH3C
RUSTSEC-2019-0011

Affected Products

Memoffset