Unknown · Byte Struct · CVE-2021-28033
Name of the Vulnerable Software and Affected Versions:
byte_struct crate versions prior to 0.6.1
Description:
An issue was discovered in the byte_struct crate where a drop of uninitialized memory can occur if a certain deserialization method panics. Specifically, the `read_bytes_default_le` implementation for `[T; n]` arrays, used to deserialize arrays of `T` from bytes, created a `[T; n]` array with `std::mem::uninitialized` and then called `T`'s deserialization method for each element. If `T`'s deserialization method panicked partway through, unwinding dropped the whole array, running `T`'s destructor on slots that had never been initialized (undefined behaviour).
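The following is an added example, not code from the byte_struct crate or the advisory, showing the panic-safe way to build a `[T; N]` element by element: a `MaybeUninit` array behind a guard that records how many leading slots are valid, so that unwinding (or an early error return) drops only those. The `ReadLe` trait, the `ShortInput` error and the `Tracked` element type are hypothetical stand-ins for the crate's per-element deserialization method and a panicking `T`; they are not the byte_struct API.

```rust
use std::mem::MaybeUninit;
use std::panic::catch_unwind;
use std::ptr;
use std::sync::atomic::{AtomicUsize, Ordering};

/// Error for truncated input (constructed for this example).
#[derive(Debug, PartialEq)]
pub struct ShortInput;

/// Hypothetical per-element decode trait standing in for the crate's own
/// deserialization method; it is not the byte_struct API.
pub trait ReadLe: Sized {
    const BYTE_LEN: usize;
    fn read_le(bytes: &[u8]) -> Result<Self, ShortInput>;
}

impl ReadLe for u16 {
    const BYTE_LEN: usize = 2;
    fn read_le(bytes: &[u8]) -> Result<Self, ShortInput> {
        let b = bytes.get(..2).ok_or(ShortInput)?;
        Ok(u16::from_le_bytes([b[0], b[1]]))
    }
}

/// Drop guard: knows how many leading slots hold valid `T`s and drops exactly
/// those if it is dropped during unwinding or on an early `?` return.
struct PartialArray<T, const N: usize> {
    slots: [MaybeUninit<T>; N],
    init: usize,
}

impl<T, const N: usize> Drop for PartialArray<T, N> {
    fn drop(&mut self) {
        let n = self.init;
        for slot in &mut self.slots[..n] {
            // SAFETY: slots 0..init were written via `MaybeUninit::write`.
            unsafe { slot.assume_init_drop() };
        }
    }
}

/// Deserialize `[T; N]` from little-endian bytes without ever treating an
/// unwritten slot as a live `T`.
pub fn read_array_le<T: ReadLe, const N: usize>(bytes: &[u8]) -> Result<[T; N], ShortInput> {
    let mut partial = PartialArray::<T, N> {
        slots: std::array::from_fn(|_| MaybeUninit::uninit()),
        init: 0,
    };
    for i in 0..N {
        let rest = bytes.get(i * T::BYTE_LEN..).unwrap_or(&[]);
        // A panic (or `?` error) here unwinds through `partial`, whose Drop
        // touches only the `init` slots that are actually initialized.
        let value = T::read_le(rest)?;
        partial.slots[i].write(value);
        partial.init += 1;
    }
    // SAFETY: `[MaybeUninit<T>; N]` and `[T; N]` share a layout and all N
    // slots are now initialized; forget the guard so nothing is dropped twice.
    let out = unsafe { ptr::read(partial.slots.as_ptr() as *const [T; N]) };
    std::mem::forget(partial);
    Ok(out)
}

/// Counts how many valid `Tracked` values have been dropped.
static DROPS: AtomicUsize = AtomicUsize::new(0);

/// Element type whose decoder panics on byte 0xFF, simulating the panicking
/// `T` deserializer from the advisory (constructed for this example).
pub struct Tracked(pub u8);

impl ReadLe for Tracked {
    const BYTE_LEN: usize = 1;
    fn read_le(bytes: &[u8]) -> Result<Self, ShortInput> {
        let b = *bytes.first().ok_or(ShortInput)?;
        assert!(b != 0xFF, "decoder panicked on byte 0xFF");
        Ok(Tracked(b))
    }
}

impl Drop for Tracked {
    fn drop(&mut self) {
        DROPS.fetch_add(1, Ordering::SeqCst);
    }
}

/// Decodes a 4-element array from input whose third element panics, and
/// returns how many valid elements were dropped during unwinding.
pub fn drops_after_mid_array_panic() -> usize {
    let before = DROPS.load(Ordering::SeqCst);
    let input = [1u8, 2, 0xFF, 4]; // constructed: 0xFF triggers the panic
    let result = catch_unwind(|| read_array_le::<Tracked, 4>(&input));
    assert!(result.is_err(), "expected the decoder to panic");
    DROPS.load(Ordering::SeqCst) - before
}
```

With the guard in place, a panic at element 3 of 4 drops exactly the two elements already decoded and never runs `Tracked`'s destructor on the two slots that were still uninitialized; with the original `std::mem::uninitialized` array, all four would have been dropped. The same guard also covers the ordinary `?` error path, which the advisory's fix must handle as well.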
Recommendations:
For versions prior to 0.6.1, update to version 0.6.1 or later to resolve the issue. As a temporary workaround, avoid using the `read_bytes_default_le` function for `[T; n]` arrays until a patched version can be deployed. Restrict access to the deserialization method to minimize the risk of exploitation.