PT-2021-24263 · Gfx-Auxil

Published

2021-01-07

·

Updated

2022-06-16

·

CVE-2021-45689

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: gfx-auxil crate through 2021-01-07
Description: The gfx_auxil::read_spirv function allocates an uninitialized buffer and passes it to a caller-supplied Read implementation. An arbitrary Read implementation can read the uninitialized contents of that buffer (memory exposure) and can also return an incorrect byte count; the function then treats the buffer as fully initialized, so uninitialized memory is read as SPIR-V data. Reading uninitialized memory is undefined behavior.
Recommendations: For versions of the gfx-auxil crate through 2021-01-07, restrict gfx_auxil::read_spirv to trusted Read implementations (for example std::fs::File or std::io::Cursor over a buffer you control) until a patch is available, and do not call it with Read implementations supplied by untrusted code. In your own code, never pass an uninitialized buffer to a user-provided Read implementation: zero-initialize the buffer or use Read::read_to_end, which zero-fills memory before the reader sees it, and treat the byte count a reader returns as untrusted. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
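The following is an added example written for this advisory, not gfx-auxil's own source: it contrasts a model of the unsound pattern described above (capacity-only allocation, uninitialized bytes handed to an arbitrary Read, set_len trusting the reader's count) with a sound reader built on read_to_end, and exercises the sound one against a constructed hostile Read that both snoops on the buffer it is given and lies about how many bytes it wrote. The HostileReader, sample_module and probe_hostile names and the five-word sample header are constructed for the demonstration; the unsound function is kept for comparison and is never executed.

```rust
use std::io::{self, Cursor, Read, Seek, SeekFrom};

/// First word of every SPIR-V module.
const SPIRV_MAGIC: u32 = 0x0723_0203;

/// Model of the unsound pattern the advisory describes (written for this
/// note, not gfx-auxil's own source): allocate capacity only, hand the
/// uninitialized bytes to a caller-supplied `Read`, then trust its counts via
/// `set_len`. Kept for comparison only; it is never called here.
#[allow(dead_code)]
fn read_spirv_unsound<R: Read + Seek>(mut x: R) -> io::Result<Vec<u32>> {
    let size = x.seek(SeekFrom::End(0))?;
    if size % 4 != 0 {
        return Err(io::Error::new(io::ErrorKind::InvalidData, "length not a multiple of 4"));
    }
    let words = (size / 4) as usize;
    let mut result: Vec<u32> = Vec::with_capacity(words);
    x.seek(SeekFrom::Start(0))?;
    // UB: the slice aliases uninitialized memory. A hostile `Read` can copy it
    // out (memory exposure) or return Ok(n) without writing n bytes, and
    // `set_len` then presents whatever was there as valid `u32` words.
    unsafe {
        let bytes = std::slice::from_raw_parts_mut(result.as_mut_ptr() as *mut u8, words * 4);
        x.read_exact(bytes)?;
        result.set_len(words);
    }
    Ok(result)
}

/// Sound replacement: `read_to_end` zero-fills every region before a reader
/// sees it and only appends as many bytes as the reader reports, so neither a
/// snooping reader nor a lying byte count can surface uninitialized memory.
fn read_spirv_sound<R: Read>(mut x: R) -> io::Result<Vec<u32>> {
    let mut bytes = Vec::new();
    x.read_to_end(&mut bytes)?;
    if bytes.len() % 4 != 0 {
        return Err(io::Error::new(io::ErrorKind::InvalidData, "length not a multiple of 4"));
    }
    let mut words: Vec<u32> = bytes
        .chunks_exact(4)
        .map(|c| u32::from_ne_bytes([c[0], c[1], c[2], c[3]]))
        .collect();
    // Accept the opposite endianness by swapping every word, as SPIR-V loaders do.
    if words.first() == Some(&SPIRV_MAGIC.swap_bytes()) {
        for w in &mut words {
            *w = w.swap_bytes();
        }
    }
    if words.first() != Some(&SPIRV_MAGIC) {
        return Err(io::Error::new(io::ErrorKind::InvalidData, "missing SPIR-V magic number"));
    }
    Ok(words)
}

/// Constructed hostile reader (not a real attack artifact): it copies out every
/// byte it is handed, which is what a leaky `Read` could exfiltrate, and claims
/// to have read `claim` bytes without writing any, then reports EOF.
struct HostileReader {
    claim: usize,
    seen: Vec<u8>,
}

impl Read for HostileReader {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
        self.seen.extend_from_slice(buf);
        let n = buf.len().min(self.claim);
        self.claim -= n;
        Ok(n)
    }
}

/// Constructed five-word SPIR-V header (magic, version 1.0, generator, bound,
/// schema) serialised little- or big-endian; sample input, not a real shader.
fn sample_module(little_endian: bool) -> Vec<u8> {
    let words = [SPIRV_MAGIC, 0x0001_0000, 0, 1, 0];
    words
        .iter()
        .flat_map(|w| if little_endian { w.to_le_bytes() } else { w.to_be_bytes() })
        .collect()
}

/// Feeds the hostile reader to the sound parser; returns the parse result and
/// the bytes the reader was able to observe (all zero, never stale memory).
fn probe_hostile(claim: usize) -> (io::Result<Vec<u32>>, Vec<u8>) {
    let mut r = HostileReader { claim, seen: Vec::new() };
    let res = read_spirv_sound(&mut r);
    (res, r.seen)
}

fn main() {
    println!("{:?}", read_spirv_sound(Cursor::new(sample_module(true))));
    println!("{:?}", read_spirv_sound(Cursor::new(sample_module(false))));
    let (res, seen) = probe_hostile(8);
    println!(
        "hostile reader: {:?}; saw {} bytes, all zero: {}",
        res.map_err(|e| e.to_string()),
        seen.len(),
        seen.iter().all(|&b| b == 0)
    );
}
```

With the sound reader, the hostile Read only ever observes zeroed memory, and its claimed-but-unwritten bytes become zeros that fail the magic-number check instead of being interpreted as SPIR-V. The same hostile reader against the unsound pattern would be handed whatever the allocator left in the buffer and could make that garbage pass as a "valid" module, which is the undefined behavior the advisory describes.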

Weakness Enumeration

Use of Uninitialized Resource (CWE-908)

Related Identifiers

CVE-2021-45689
GHSA-28P5-7RG4-8V99
GHSA-FF2R-XPWQ-6WHJ
RUSTSEC-2021-0091

Affected Products

Gfx-Auxil