CVE-2021-45688

Name of the Vulnerable Software and Affected Versions: ash crate versions prior to 0.33.1

Description: The issue allows arbitrary Read implementations to read from an uninitialized buffer, potentially exposing memory and returning incorrect byte counts. This can lead to undefined behavior due to the reading of uninitialized memory locations.

Recommendations: For ash crate versions prior to 0.33.1, update to version 0.33.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the util::read spv function until a patch is available. Avoid using user-provided Read implementations with uninitialized buffers to minimize the risk of exploitation.