PT-2021-16836 · crates.io · bra

Published: 2021-01-02 · Updated: 2022-05-03 · CVE-2021-25905

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions: bra crate, versions prior to 0.1.1
Description: The bra crate for Rust provides random memory access over a sequential source of data. Affected versions allocate a buffer without initializing it and then pass that buffer to a user-provided std::io::Read implementation. Read::read receives the buffer as &mut [u8] and nothing in the trait stops an implementation from reading it before filling it, so safe Rust code can observe uninitialized memory. Reading uninitialized memory is undefined behavior, which makes the crate's API unsound: a buggy or malicious Read implementation can disclose stale heap contents (confidentiality impact), and the compiler is free to miscompile code that depends on those values (availability impact).
Recommendations: Update to bra 0.1.1 or later. That release corrects the flaw by zero-initializing newly allocated buffers before handing them to user-provided Read implementations, so a reader can observe nothing but zeros. No other workaround is listed; if updating is not possible, do not use the affected versions.
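The following is an added illustration of the pattern this advisory describes and of the fix; it is not the bra crate's source, and the function and type names (read_into_uninitialized, read_into_zeroed, Snooper) are hypothetical. The unsound version is included only for contrast and is never executed: a Read implementation written entirely in safe Rust (Snooper) copies out whatever slice it is given, which against the unsound caller would expose stale allocator contents and against the zeroed caller yields only zeros.

```rust
use std::io::{self, Read};

// Added illustration for this advisory; NOT the bra crate's code.
// Names are hypothetical.

/// The unsound pattern: reserve capacity, tell the Vec the bytes are
/// initialized without ever writing them, then hand the slice to a
/// user-provided `Read`. `Read::read` may inspect `buf` before filling it,
/// so safe code can observe uninitialized memory. Shown only for contrast;
/// this is undefined behaviour and is not called by `main` (Miri rejects it).
#[allow(dead_code)]
fn read_into_uninitialized<R: Read>(reader: &mut R, n: usize) -> io::Result<Vec<u8>> {
    let mut buf: Vec<u8> = Vec::with_capacity(n);
    // UNSOUND: set_len asserts an initialization that never happened.
    unsafe { buf.set_len(n) };
    let got = reader.read(&mut buf[..])?;
    buf.truncate(got);
    Ok(buf)
}

/// The corrected pattern (what the advisory says 0.1.1 does): zero the
/// buffer before any foreign `Read` sees it. Whatever the reader does, the
/// most it can learn is a run of zeros.
fn read_into_zeroed<R: Read>(reader: &mut R, n: usize) -> io::Result<Vec<u8>> {
    let mut buf = vec![0u8; n];
    let got = reader.read(&mut buf[..])?;
    // Do not index with the reader-supplied count; truncate() tolerates an
    // oversized value and simply keeps the zero-filled buffer in that case.
    buf.truncate(got);
    Ok(buf)
}

/// A reader in 100% safe Rust that copies out the buffer it is handed and
/// writes nothing back. This is legal for a `Read` implementation, which is
/// exactly why the caller must never pass uninitialized memory.
struct Snooper {
    seen: Vec<u8>,
}

impl Read for Snooper {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
        self.seen.extend_from_slice(buf);
        Ok(0) // report EOF without writing a single byte
    }
}

fn main() -> io::Result<()> {
    // Hostile reader against the hardened caller: observes only zeros.
    let mut snoop = Snooper { seen: Vec::new() };
    let out = read_into_zeroed(&mut snoop, 16)?;
    println!("reader returned {} bytes, observed {:?}", out.len(), snoop.seen);

    // Well-behaved reader: a byte slice implements Read and fills the buffer
    // normally. The input is a constructed sample.
    let mut src: &[u8] = b"constructed sample input";
    let out = read_into_zeroed(&mut src, 11)?;
    println!("{}", String::from_utf8_lossy(&out));
    Ok(())
}
```

Run the zeroed variant under Miri with a Snooper and it passes; swap in read_into_uninitialized and Miri reports the read of uninitialized memory at the extend_from_slice call, which is the behaviour the advisory classifies as unsound.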

Weakness Enumeration

CWE-125: Out-of-bounds Read

CWE-908: Use of Uninitialized Resource

Related Identifiers

CVE-2021-25905
GHSA-J8QQ-58CR-8CC7
RUSTSEC-2021-0008

Affected Products

bra (crates.io)