PT-2021-24257 · binjs_io

Published

2021-01-03

·

Updated

2022-06-16

·

CVE-2021-45683

CVSS v3.1

9.8

Critical

Vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: binjs_io crate, all versions through 2021-01-03
Description: Affected versions of the crate pass an uninitialized buffer to a user-provided Read implementation. An arbitrary Read implementation can read from that buffer before writing to it, exposing whatever stale memory the allocation contains, and it can also report an incorrect number of bytes written, so the caller may treat bytes that were never written as valid input. Reading uninitialized memory yields undefined values and is undefined behavior in Rust; a malicious or merely sloppy Read implementation is enough to trigger it, no unsafe code is required on the caller's side.
Recommendations: No version of the binjs_io crate containing a fix is known at the time of this update. Until one is available, consider restricting use of the affected Read-based API, and in the meantime only supply Read implementations you trust: ones that never inspect the buffer they are given and never report more bytes than they actually wrote. Do not pass a Read implementation that is user-controlled or otherwise untrusted.
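As an added illustration that is not code from the binjs_io crate or from the advisory, the following Rust snippet contrasts the unsound pattern the description refers to with a hardened reader that an application can use in front of an untrusted Read implementation. The names read_exact_unsound, read_exact_checked, PeekingReader and OverclaimingReader are hypothetical, and the two adversarial Read implementations and the "BINJS" payload are constructed for the demonstration.

```rust
use std::io::{self, Read};

/// The pattern the advisory describes, kept here only for contrast: the buffer is
/// allocated but never initialized before it is handed to an untrusted `Read`.
/// Observing `buf` inside `read` is undefined behavior, and a callee that
/// over-reports `n` makes the caller consume bytes nobody ever wrote.
/// Never call this; it exists to show what the hardened version below avoids.
#[allow(dead_code)]
fn read_exact_unsound<R: Read>(reader: &mut R, len: usize) -> io::Result<Vec<u8>> {
    let mut buf: Vec<u8> = Vec::with_capacity(len);
    // SAFETY: there is none. This is exactly the bug: `len` bytes of stale heap.
    unsafe { buf.set_len(len) };
    let n = reader.read(&mut buf[..])?;
    buf.truncate(n); // trusts `n` blindly; a no-op if `n >= len`
    Ok(buf)
}

/// Hardened reader (hypothetical name): zero-initializes the buffer before an
/// untrusted `Read` sees it, and validates the byte count every `read` call
/// reports against the space actually remaining, so neither half of the bug
/// (memory exposure, over-reported length) is reachable.
pub fn read_exact_checked<R: Read>(reader: &mut R, len: usize) -> io::Result<Vec<u8>> {
    let mut buf = vec![0u8; len];
    let mut filled = 0usize;
    while filled < len {
        let n = reader.read(&mut buf[filled..])?;
        if n == 0 {
            return Err(io::Error::new(io::ErrorKind::UnexpectedEof, "stream ended early"));
        }
        if n > len - filled {
            return Err(io::Error::new(
                io::ErrorKind::InvalidData,
                "Read implementation reported more bytes than the buffer holds",
            ));
        }
        filled += n;
    }
    Ok(buf)
}

/// Constructed adversarial `Read`: records whatever the caller's buffer held
/// before this implementation wrote into it (the memory-exposure half of the
/// bug), then delivers its payload.
pub struct PeekingReader {
    pub payload: Vec<u8>,
    pub seen: Vec<u8>,
}

impl Read for PeekingReader {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
        self.seen.extend_from_slice(buf); // everything an untrusted impl can observe
        let n = buf.len().min(self.payload.len());
        buf[..n].copy_from_slice(&self.payload[..n]);
        self.payload.drain(..n);
        Ok(n)
    }
}

/// Constructed adversarial `Read`: writes nothing and claims one byte more than
/// the buffer can hold (the incorrect-byte-count half of the bug).
pub struct OverclaimingReader;

impl Read for OverclaimingReader {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
        Ok(buf.len() + 1)
    }
}

fn main() -> io::Result<()> {
    // Constructed sample input: a five-byte header delivered by the peeking reader.
    let mut reader = PeekingReader { payload: b"BINJS".to_vec(), seen: Vec::new() };
    let header = read_exact_checked(&mut reader, 5)?;
    println!("header = {:?}", header);
    // With a zeroed buffer the untrusted reader only ever saw zeros, never stale memory.
    println!("untrusted reader observed = {:?}", reader.seen);
    // The over-reporting reader is rejected instead of being trusted.
    let rejected = read_exact_checked(&mut OverclaimingReader, 4).map_err(|e| e.kind());
    println!("over-reporting reader -> {:?}", rejected);
    Ok(())
}
```

Zero-filling costs one memset per buffer, which is the price of handing memory to code you do not control; the explicit bound check on n is what turns an over-reporting Read implementation into a clean InvalidData error rather than an out-of-bounds slice index, which in safe Rust would panic rather than read past the buffer.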

Fix

No fixed version is known; see Recommendations above.

Weakness Enumeration

CWE-908: Use of Uninitialized Resource

Related Identifiers

CVE-2021-45683
GHSA-c6px-4grw-hrjr
GHSA-cw4j-cf6c-mmfv
RUSTSEC-2021-0085

Affected Products

binjs_io (Rust crate)