CVE-2021-45685

Name of the Vulnerable Software and Affected Versions: columnar crate versions through 2021-01-07

Description: The issue allows arbitrary Read implementations to read from an uninitialized buffer passed by ColumnarReadExt::read typed vec(), leading to memory exposure. This can also result in incorrect byte counts being returned to the buffer. Reading from uninitialized memory can produce undefined values, potentially invoking undefined behavior.

Recommendations: For versions of the columnar crate through 2021-01-07, consider disabling the ColumnarReadExt::read typed vec() function until a patch is available to prevent arbitrary Read implementations from accessing uninitialized memory. At the moment, there is no information about a newer version that contains a fix for this vulnerability.