CVE-2020-36512

Name of the Vulnerable Software and Affected Versions buffoon crate through 2020-12-31

Description The issue allows arbitrary Read implementations to read from an uninitialized buffer, resulting in memory exposure. This can also cause incorrect numbers of bytes to be written to the buffer. Reading from uninitialized memory produces undefined values, which can quickly invoke undefined behavior.

Recommendations For versions of the buffoon crate through 2020-12-31, consider restricting the use of the InputStream::read exact function until a patch is available. As a temporary workaround, avoid passing uninitialized buffers to user-provided Read implementations. At the moment, there is no information about a newer version that contains a fix for this vulnerability.