PT-2019-14269 · Rust · Memoffset

Published 2019-07-16 · Updated 2021-08-25 · CVE-2019-15553

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

memoffset crate versions prior to 0.5.0

Description

An issue in the memoffset crate can cause exposure of uninitialized memory. The affected versions of this crate can lead to traps and/or memory unsafety by zero-initializing references. Additionally, they can cause uninitialized memory to be dropped if the field for which the offset is requested was behind a deref coercion, and that deref coercion caused a panic. The flaw was corrected by using MaybeUninit.

Recommendations

For versions prior to 0.5.0, update to version 0.5.0 or later to resolve the issue. As a temporary workaround, consider using MaybeUninit to prevent uninitialized memory exposure until the update is applied.
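The MaybeUninit approach named above, as an added example that is not memoffset's own source: a field offset computed without ever materializing a value of the parent type. The `Session` struct and the `field_offset!` macro are hypothetical names, and the sketch assumes a toolchain where `std::ptr::addr_of!` is available.

```rust
use std::mem::MaybeUninit;
use std::ptr;

// Constructed sample type. All-zero bytes are not a valid value for the
// reference or the Box, so it must never be zero-initialized.
#[repr(C)]
struct Session {
    id: u32,
    name: &'static str,
    key: Box<[u8; 32]>,
}

// Hypothetical macro (not memoffset's source): byte offset of a field,
// computed without creating a value or reference of the parent type.
macro_rules! field_offset {
    ($parent:path, $field:ident) => {{
        // Compile-time guard: the pattern only matches fields declared
        // directly on $parent, so a field reached through a Deref impl
        // (whose deref() could panic) is rejected.
        let $parent { $field: _, .. };
        // Aligned storage only: nothing is initialized, no destructor runs.
        let slot = MaybeUninit::<$parent>::uninit();
        let base = slot.as_ptr();
        // Raw field pointer; no intermediate reference, no read.
        let field = unsafe { ptr::addr_of!((*base).$field) };
        (field as usize) - (base as usize)
    }};
}

fn offsets() -> (usize, usize, usize) {
    (
        field_offset!(Session, id),
        field_offset!(Session, name),
        field_offset!(Session, key),
    )
}

fn main() {
    println!("{:?}", offsets());
}
```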

Fix

Use of Uninitialized Resource

Weakness Enumeration

Related Identifiers

CVE-2019-15553
GHSA-RH89-X75F-RH3C
RUSTSEC-2019-0011

Affected Products

Memoffset