PT-2021-18547 · Uu Od · Uu Od

Published: 2021-02-17 · Updated: 2022-04-26 · CVE-2021-29934

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

uu_od crate versions prior to 0.0.4

Description

The PartialReader of the uu_od crate passes an uninitialized buffer to a user-provided Read implementation, which allows attackers to read the contents of uninitialized memory locations. Even a safe Read implementation can read from the uninitialized buffer, which is undefined behavior. The flaw was fixed by zero-initializing the passed buffer.

Recommendations

For versions prior to 0.0.4, update to version 0.0.4 or later to fix the issue. As a temporary workaround, avoid using the PartialReader::read function with user-provided Read implementations until the update is applied.
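
The following Rust sketch illustrates the fixed pattern named in the description (a zero-initialized buffer handed to a caller-supplied Read). It is an added example, not code from the uu_od crate; `Inspecting`, `skip_bytes` and `demo` are hypothetical names and the input bytes are constructed.

```rust
use std::io::{self, Read};

// Hypothetical caller-supplied reader: safe code that inspects the buffer
// it is handed before filling it, which the Read trait does not forbid.
struct Inspecting<R> {
    inner: R,
    nonzero_seen: usize, // bytes that were not 0 when the buffer arrived
}

impl<R: Read> Read for Inspecting<R> {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
        self.nonzero_seen += buf.iter().filter(|&&b| b != 0).count();
        self.inner.read(buf)
    }
}

// Pattern to avoid: handing `read` a scratch buffer that was never
// initialized. Safe code like `Inspecting::read` may look at it first.
//
// Hardened skip: discard up to `n` bytes through a zeroed scratch buffer.
fn skip_bytes<R: Read>(reader: &mut R, mut n: usize) -> io::Result<usize> {
    let mut skipped = 0;
    while n > 0 {
        // Fresh zero-initialized buffer per call: the reader only sees zeros.
        let mut scratch = [0u8; 64];
        let want = n.min(scratch.len());
        match reader.read(&mut scratch[..want])? {
            0 => break, // EOF before `n` bytes were available
            got => {
                skipped += got;
                n -= got;
            }
        }
    }
    Ok(skipped)
}

// Constructed input: 200 bytes of 0xAA; skip 150, then read the next 4.
fn demo() -> (usize, usize, [u8; 4]) {
    let data = vec![0xAAu8; 200];
    let mut r = Inspecting { inner: &data[..], nonzero_seen: 0 };
    let skipped = skip_bytes(&mut r, 150).unwrap();
    let seen_during_skip = r.nonzero_seen;
    let mut out = [0u8; 4];
    r.read_exact(&mut out).unwrap();
    (skipped, seen_during_skip, out)
}

fn main() {
    println!("{:?}", demo());
}
```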

Exploit

Fix

Out of bounds Read

Use of Uninitialized Resource

Weakness Enumeration

Related Identifiers

CVE-2021-29934
GHSA-W9VV-Q986-VJ7X
RUSTSEC-2021-0043

Affected Products

Uu Od