CVE-2020-36513

Name of the Vulnerable Software and Affected Versions acc reader crate through 2020-12-27

Description The issue allows arbitrary Read implementations to read from an uninitialized buffer, resulting in memory exposure. This can also cause the implementations to return an incorrect number of bytes written to the buffer. Reading from uninitialized memory produces undefined values, which can quickly invoke undefined behavior. The functions read up to and fill buf may read from uninitialized memory locations.

Recommendations For acc reader crate through 2020-12-27, consider restricting the use of the read up to and fill buf functions until a patch is available. Avoid passing uninitialized buffers to user-provided Read implementations to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.