CVE-2021-28033

Name of the Vulnerable Software and Affected Versions: byte struct crate versions prior to 0.6.1

Description: An issue was discovered in the byte struct crate where a drop of uninitialized memory can occur if a certain deserialization method panics. Specifically, the read bytes default le function for [T; n] arrays used to deserialize arrays of T from bytes created a [T; n] array with std::mem::uninitialized and then called T's deserialization method. If T's deserialization method panicked, the uninitialized memory could drop invalid objects.

Recommendations: For versions prior to 0.6.1, update to version 0.6.1 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the read bytes default le function for [T; n] arrays until a patch is available. Restrict access to the deserialization method to minimize the risk of exploitation.