PT-2018-15604 · Rust · Smallvec

Published 2018-09-25 · Updated 2024-06-15 · CVE-2018-25023

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

smallvec crate versions prior to 0.6.13

Description

An issue was discovered in the smallvec crate that can create an uninitialized value of any type, including a reference type. This is unsound, especially if the type is a reference type, which must be non-null and thus may not remain uninitialized. The flaw was corrected by avoiding the use of mem::uninitialized(), using MaybeUninit instead.

Recommendations

For versions prior to 0.6.13, update to version 0.6.13 or later to resolve the issue. As a temporary workaround, consider avoiding the use of mem::uninitialized() and instead use MaybeUninit to create values of a user-supplied type T.
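
The MaybeUninit pattern named in the description and recommendations, as an added example that is not smallvec's own code: `InlineBuf` and its methods are hypothetical names for a fixed-capacity buffer over a user-supplied type T, with the unsound mem::uninitialized() form shown only as a comment.

```rust
use std::mem::MaybeUninit;

/// Hypothetical fixed-capacity inline buffer (illustration only, not smallvec's type).
pub struct InlineBuf<T, const N: usize> {
    // Unsound pattern the advisory describes, kept as a comment:
    //     let data: [T; N] = unsafe { std::mem::uninitialized() };
    // That claims N valid `T` values already exist; for `T = &U` it fabricates
    // references that may be null, which is undefined behaviour.
    data: [MaybeUninit<T>; N], // slots make no validity claim until written
    len: usize,                // invariant: data[..len] is initialized
}

impl<T, const N: usize> InlineBuf<T, N> {
    pub fn new() -> Self {
        // Safe construction: every slot starts as explicitly uninitialized storage.
        InlineBuf { data: std::array::from_fn(|_| MaybeUninit::uninit()), len: 0 }
    }
    /// Stores `value`, or hands it back if the buffer is full.
    pub fn push(&mut self, value: T) -> Result<(), T> {
        if self.len == N { return Err(value); }
        self.data[self.len].write(value);
        self.len += 1;
        Ok(())
    }
    pub fn as_slice(&self) -> &[T] {
        // SAFETY: only the first `len` slots are exposed, and push wrote each of them.
        unsafe { std::slice::from_raw_parts(self.data.as_ptr() as *const T, self.len) }
    }
}

impl<T, const N: usize> Drop for InlineBuf<T, N> {
    fn drop(&mut self) {
        // Drop only the initialized prefix; untouched slots are never read.
        for slot in &mut self.data[..self.len] {
            unsafe { slot.assume_init_drop() };
        }
    }
}

fn main() {
    let (a, b) = (String::from("a"), String::from("b")); // constructed sample values
    let mut buf: InlineBuf<&String, 4> = InlineBuf::new();
    buf.push(&a).unwrap();
    buf.push(&b).unwrap();
    println!("{:?}", buf.as_slice()); // two slots remain uninitialized and unread
}
```
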

Exploit

Fix

Weakness Enumeration

Use of Uninitialized Resource

Related Identifiers

CVE-2018-25023
GHSA-55M5-WHCV-C49C
GHSA-66P5-J55P-32R9
OPENSUSE-SU-2024:11720-1
OPENSUSE-SU-2024:11721-1
OPENSUSE-SU-2024:11729-1
RUSTSEC-2018-0018

Affected Products

Smallvec