PT-2021-18549 · Adtensor · Adtensor

Published: 2021-01-11 · Updated: 2021-08-25 · CVE-2021-29936

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

adtensor crate versions through 0.0.3
adtensor crate versions through 2021-01-11

Description

An issue was discovered in the adtensor crate for Rust. There is a drop of uninitialized memory via the FromIterator implementation for Vector and Matrix. The FromIterator<T> methods for Vector and Matrix rely on the type parameter N to allocate space in the iterable. If the N type parameter passed in is larger than the number of items returned by the iterator, uninitialized memory can be left in the Vector or Matrix type, and that memory is then dropped.

Recommendations

For adtensor crate versions through 0.0.3, update to a version later than 0.0.3 to resolve the issue. For adtensor crate versions through 2021-01-11, update to a version later than 2021-01-11 to resolve the issue.

As a temporary workaround, consider restricting the use of the FromIterator implementation for Vector and Matrix until a patch is available. Avoid using the FromIterator method with type parameters larger than the number of items returned by the iterator to minimize the risk of exploitation.
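
The sketch below is an added example, not code from the adtensor crate or from this advisory. It shows one way to fill a fixed-size container from an iterator so that a short iterator is rejected and only the slots actually written are ever dropped. `FixedVec`, `Guard` and `try_from_iter` are hypothetical names, and a const generic `N` stands in for the crate's N type parameter.

```rust
use std::mem::{self, MaybeUninit};
use std::ptr;

/// Hypothetical fixed-size container; the const N stands in for the crate's
/// N type parameter. Not adtensor's own type.
pub struct FixedVec<T, const N: usize>([T; N]);

/// Records how many slots are initialized so an early exit drops only those.
struct Guard<T, const N: usize> {
    buf: [MaybeUninit<T>; N],
    len: usize,
}

impl<T, const N: usize> Drop for Guard<T, N> {
    fn drop(&mut self) {
        // Slots at index >= len were never written and must not be dropped.
        for slot in &mut self.buf[..self.len] {
            unsafe { ptr::drop_in_place(slot.as_mut_ptr()) };
        }
    }
}

impl<T, const N: usize> FixedVec<T, N> {
    /// Err(count) when the iterator yields fewer than N items; extras are ignored.
    pub fn try_from_iter<I: IntoIterator<Item = T>>(iter: I) -> Result<Self, usize> {
        let mut g = Guard::<T, N> { buf: std::array::from_fn(|_| MaybeUninit::uninit()), len: 0 };
        for item in iter.into_iter().take(N) {
            g.buf[g.len] = MaybeUninit::new(item);
            g.len += 1;
        }
        if g.len < N {
            return Err(g.len); // Guard::drop releases the initialized prefix only
        }
        // All N slots are initialized: move the array out, then disarm the guard.
        let arr = unsafe { ptr::read(g.buf.as_ptr() as *const [T; N]) };
        mem::forget(g);
        Ok(FixedVec(arr))
    }

    pub fn as_slice(&self) -> &[T] {
        &self.0
    }
}

fn main() {
    // Constructed input: two items offered for a four-slot container.
    let short = FixedVec::<String, 4>::try_from_iter(["a", "b"].map(String::from));
    println!("short iterator -> {:?}", short.map(|v| v.as_slice().len()));
}
```

The guard also covers an iterator that panics partway through, since unwinding runs `Guard::drop` over the initialized prefix.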

Weakness Enumeration

Use of Uninitialized Resource

Related Identifiers

CVE-2021-29936
GHSA-RG4M-GWW5-7P47
RUSTSEC-2021-0045

Affected Products

Adtensor