PT-2021-24267 · Unknown · Messagepack-Rs

Published

2021-01-26

·

Updated

2022-06-17

·

CVE-2021-45693

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: messagepack-rs crate, all versions through 2021-01-26 (no fixed release exists)
Description: In the messagepack-rs crate, the functions deserialize_binary, deserialize_string, deserialize_extension_others and deserialize_string_primitive allocate a buffer for a length-prefixed payload, raise its length without initializing the contents, and hand that uninitialized buffer to the user-supplied Read implementation. A Read implementation written entirely in safe Rust can therefore observe uninitialized memory, which is undefined behavior, and an implementation that reports more bytes than it actually wrote returns the uninitialized bytes to the caller (memory exposure).
Recommendations: There is no patched version of the messagepack-rs crate; every release through 2021-01-26 is affected and none newer is listed as fixed. Do not expose deserialize_binary, deserialize_string, deserialize_extension_others or deserialize_string_primitive to untrusted input or to custom Read implementations: a reader that inspects the buffer before filling it, or that under-fills it, is enough to trigger the undefined behavior. Prefer migrating to a maintained MessagePack implementation. If the crate must stay, patch the affected functions locally so the buffer is zero-initialized (for example with vec![0u8; len]) before it is passed to read_exact, and bound the attacker-controlled length before allocating. cargo audit reports the dependency under RUSTSEC-2021-0092, which is a convenient way to confirm it is gone from the lockfile.
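The following is an added example, not code from the messagepack-rs crate or the advisory: a small reader for MessagePack str/bin values that places a reconstruction of the unsound pattern described above next to a hardened version, and exercises the hardened version with a safe Read implementation that claims to fill the buffer without writing to it. The constant MAX_PAYLOAD, the function names, and the MessagePack byte strings used as input are assumptions constructed for this illustration.

```rust
use std::io::{self, Read};

/// Largest str/bin payload this reader will allocate for. This bound is an
/// assumption for the example, not a limit taken from the messagepack-rs crate.
const MAX_PAYLOAD: usize = 16 * 1024 * 1024;

/// Reconstruction of the unsound pattern the advisory describes (illustration,
/// not the crate's source). The Vec's length is raised over memory that was
/// never written, and that slice is handed to an arbitrary `Read`. A `Read`
/// impl that looks at `buf` before filling it reads uninitialized memory
/// (undefined behavior); one that returns Ok(len) without writing gives the
/// caller whatever was in the heap. Deliberately never called here.
#[allow(dead_code)]
fn read_payload_unsound<R: Read>(reader: &mut R, len: usize) -> io::Result<Vec<u8>> {
    let mut buf: Vec<u8> = Vec::with_capacity(len);
    // Unsound: the elements are not initialized, so no safety argument exists.
    unsafe { buf.set_len(len) };
    reader.read_exact(&mut buf)?;
    Ok(buf)
}

/// Hardened form: reject absurd attacker-controlled lengths before allocating,
/// zero-initialize the buffer, and let `read_exact` fail on short input.
fn read_payload<R: Read>(reader: &mut R, len: usize) -> io::Result<Vec<u8>> {
    if len > MAX_PAYLOAD {
        return Err(io::Error::new(
            io::ErrorKind::InvalidData,
            format!("payload length {} exceeds limit {}", len, MAX_PAYLOAD),
        ));
    }
    let mut buf = vec![0u8; len];
    reader.read_exact(&mut buf)?;
    Ok(buf)
}

/// Big-endian unsigned integer of `width` (1, 2 or 4) bytes, as MessagePack
/// encodes its str/bin length prefixes.
fn read_uint<R: Read>(reader: &mut R, width: usize) -> io::Result<usize> {
    let mut bytes = [0u8; 4];
    reader.read_exact(&mut bytes[..width])?;
    Ok(bytes[..width].iter().fold(0usize, |acc, &b| (acc << 8) | b as usize))
}

/// Reads one MessagePack str or bin value (fixstr, str 8/16/32, bin 8/16/32)
/// and returns its raw bytes, using the hardened payload reader.
fn parse_str_or_bin<R: Read>(reader: &mut R) -> io::Result<Vec<u8>> {
    let mut tag = [0u8; 1];
    reader.read_exact(&mut tag)?;
    let len = match tag[0] {
        0xa0..=0xbf => (tag[0] & 0x1f) as usize, // fixstr: length in low 5 bits
        0xc4 | 0xd9 => read_uint(reader, 1)?,    // bin 8 / str 8
        0xc5 | 0xda => read_uint(reader, 2)?,    // bin 16 / str 16
        0xc6 | 0xdb => read_uint(reader, 4)?,    // bin 32 / str 32
        other => {
            return Err(io::Error::new(
                io::ErrorKind::InvalidData,
                format!("not a str/bin format byte: 0x{:02x}", other),
            ))
        }
    };
    read_payload(reader, len)
}

/// A safe `Read` impl that claims to fill the buffer but never writes to it.
/// Against the unsound reader this returns uninitialized heap memory to the
/// caller; against the hardened reader it yields zeros.
struct LyingReader;

impl Read for LyingReader {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
        Ok(buf.len())
    }
}

fn main() -> io::Result<()> {
    // Constructed inputs: bin 8 with three bytes, and a str 32 claiming 4 GiB.
    let mut ok = io::Cursor::new(&b"\xc4\x03\x01\x02\x03"[..]);
    println!("bin 8 payload: {:?}", parse_str_or_bin(&mut ok)?);
    let mut huge = io::Cursor::new(&b"\xdb\xff\xff\xff\xff"[..]);
    println!("str 32 with 4 GiB prefix: {:?}", parse_str_or_bin(&mut huge).err());
    println!("lying reader, hardened: {:?}", read_payload(&mut LyingReader, 4)?);
    Ok(())
}
```

The lying reader is the interesting case: std's read_exact trusts the byte count a Read implementation returns, so a reader that returns Ok(len) without touching the slice makes the unsound function hand back whatever the allocator left in the buffer, while the hardened function returns zeros. The length bound is not part of the original finding but belongs in the same fix, because a str 32 prefix lets an attacker request a multi-gigabyte allocation with five bytes of input.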

Weakness Enumeration

CWE-908: Use of Uninitialized Resource

Related Identifiers

CVE-2021-45693
GHSA-HR52-F9VP-582C
GHSA-JQJJ-R4QP-X2GH
GHSA-JWFH-J623-M97H
GHSA-M325-RXJV-PWPH
GHSA-VW5M-QW2R-M923
RUSTSEC-2021-0092

Affected Products

Messagepack-Rs