CVE-2020-36514

Name of the Vulnerable Software and Affected Versions acc reader crate through 2020-12-27

Description The issue allows arbitrary Read implementations to read from an uninitialized buffer, resulting in memory exposure. This can also cause incorrect numbers of bytes to be written to the buffer. Reading from uninitialized memory produces undefined values, which can quickly invoke undefined behavior. The functions fill buf and read up to may read from uninitialized memory locations.

Recommendations For acc reader crate through 2020-12-27, consider restricting the use of the fill buf and read up to functions until a patch is available. As a temporary workaround, avoid passing uninitialized buffers to user-provided Read implementations. At the moment, there is no information about a newer version that contains a fix for this vulnerability.