PT-2021-24260 · Unknown · Csv-Sniffer

Published

2021-01-05

·

Updated

2022-06-16

·

CVE-2021-45686

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: csv-sniffer crate through 2021-01-05
Description: preamble_skipcount() allocates a buffer without initializing its contents and hands it, as a &mut [u8], to the user-provided Read implementation. The Read contract does not oblige an implementation to leave the buffer untouched, so an arbitrary Read can read the uninitialized bytes (memory exposure), and it can also return a byte count larger than what it actually wrote, after which the caller treats uninitialized bytes as input data. Uninitialized memory has no defined value, and exposing it through an initialized slice type is undefined behavior in Rust even when the reader is well behaved.
Recommendations: No patched version is listed. For csv-sniffer versions through 2021-01-05, avoid calling preamble_skipcount() until a fix is available. If the crate must be used, pass it only Read implementations whose behavior you control, for example by reading the whole input into a Vec<u8> first and sniffing from a std::io::Cursor or byte slice, which never inspect the buffer they are given. This reduces practical exposure but does not remove the undefined behavior inside the crate itself.
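The pattern the advisory describes, as an added example that is not csv-sniffer's own code: read_prefix_unsound is a reconstruction of the shape of the defect (raise a Vec's length without writing it, lend it to a foreign Read, trust the returned count), read_prefix_sound is the hardened form, and LyingReader is a constructed adversarial Read that records whatever buffer it is handed and over-reports how much it wrote. All names are assumptions for the demonstration; the unsound function is never executed.

```rust
use std::io::{self, Cursor, Read};

/// Reconstructed shape of the defect (an illustration, not csv-sniffer's code):
/// the Vec's length is raised without writing its bytes, and a caller-supplied
/// `Read` receives a `&mut [u8]` over memory that was never initialized.
/// Two things go wrong: the reader can inspect `buf` before filling it (memory
/// exposure), and `truncate` trusts the reported count, so a reader that
/// over-reports leaves uninitialized bytes in the returned data. Materializing
/// the slice at all is undefined behavior in Rust, so this is never called here.
pub fn read_prefix_unsound<R: Read>(mut reader: R, n: usize) -> io::Result<Vec<u8>> {
    let mut buf: Vec<u8> = Vec::with_capacity(n);
    // UB: `buf` now claims `n` initialized bytes that were never written.
    unsafe { buf.set_len(n) };
    let got = reader.read(&mut buf)?;
    buf.truncate(got); // no-op when `got > n`: the uninitialized tail is returned as data
    Ok(buf)
}

/// Hardened form: zero-fill before lending the buffer out, and treat a count that
/// exceeds the slice as a contract violation instead of trusting it. The cost is
/// one memset of `n` bytes.
pub fn read_prefix_sound<R: Read>(mut reader: R, n: usize) -> io::Result<Vec<u8>> {
    let mut buf = vec![0u8; n];
    let got = reader.read(&mut buf)?;
    if got > buf.len() {
        return Err(io::Error::new(
            io::ErrorKind::InvalidData,
            "Read impl reported more bytes than the buffer holds",
        ));
    }
    buf.truncate(got);
    Ok(buf)
}

/// Constructed adversarial reader (an assumption for this demo): it writes
/// nothing, copies whatever buffer contents it is handed into `seen`, and
/// reports `claim` bytes regardless of what it actually wrote.
pub struct LyingReader {
    pub claim: usize,
    pub seen: Vec<u8>,
}

impl Read for LyingReader {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
        // Against the unsound caller this copy is the memory exposure: the
        // reader walks away with bytes the caller never initialized.
        self.seen.extend_from_slice(buf);
        Ok(self.claim)
    }
}

fn main() -> io::Result<()> {
    // Honest reader over a constructed CSV preamble: the sound path returns the prefix.
    let csv = b"sep=;\r\nid;name\r\n1;alice\r\n".to_vec();
    let prefix = read_prefix_sound(Cursor::new(csv), 5)?;
    println!("prefix: {:?}", String::from_utf8_lossy(&prefix));

    // Dishonest reader: it only ever sees zeros, and its over-report is rejected.
    let mut lying = LyingReader { claim: 9, seen: Vec::new() };
    match read_prefix_sound(&mut lying, 8) {
        Ok(_) => println!("unexpected success"),
        Err(e) => println!("rejected: {e}"),
    }
    println!("reader observed {:?}", lying.seen);
    Ok(())
}
```

A reader that under-reports (claims fewer bytes than the buffer) cannot be detected by the count check; with the hardened form it yields zero bytes rather than stale memory, which is why initializing the buffer, not validating the count, is the essential part of the fix. Reading the whole input into memory and sniffing from a Cursor makes the reader trusted but leaves the unsound &mut [u8] inside the crate in place.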

Fix

No patched release is listed; see the workaround under Recommendations.

Weakness Enumeration

Use of Uninitialized Resource

Related Identifiers

CVE-2021-45686
GHSA-9783-42PM-X5JQ
GHSA-R67P-M7G9-GXW6
RUSTSEC-2021-0088

Affected Products

Csv-Sniffer