PT-2022-28274 · Zeroize · Zeroize

Published: 2022-06-17 · Updated: 2022-06-17

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

zeroize versions prior to 1.2

Description

When the #[zeroize(drop)] attribute is used on an enum, affected versions fail to implement Drop. As a result, the memory is not zeroed out when the value is dropped, contrary to the intended behavior of the attribute.

Recommendations

Update to version 1.2 or later so that #[zeroize(drop)] on enums properly implements Drop.
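
As an added illustration (not code from the zeroize crate or from this advisory), the Rust sketch below hand-writes the two shapes involved: an enum with no Drop impl, as the description says affected versions produced, and one whose Drop wipes the active variant. The type names, `wipe` and `has_drop_glue` are hypothetical, and the `std::mem::needs_drop` check is only meaningful for secret types made of plain bytes, since any field with its own destructor also reports drop glue.

```rust
use std::mem::needs_drop;
use std::ptr::write_volatile;
use std::sync::atomic::{compiler_fence, Ordering};

// Volatile byte-wise wipe so the stores are not removed as dead writes.
fn wipe(buf: &mut [u8]) {
    for b in buf.iter_mut() {
        unsafe { write_volatile(b, 0) };
    }
    compiler_fence(Ordering::SeqCst);
}

// Affected shape (constructed type): secrets in an enum, no Drop impl,
// so nothing runs when a value goes out of scope.
#[allow(dead_code)]
enum Unguarded {
    Key([u8; 32]),
    Token([u8; 16]),
}

// Fixed shape (constructed type): same payloads, Drop wipes the live variant.
#[allow(dead_code)]
enum Guarded {
    Key([u8; 32]),
    Token([u8; 16]),
}

impl Guarded {
    fn zeroize(&mut self) {
        match self {
            Guarded::Key(k) => wipe(k),
            Guarded::Token(t) => wipe(t),
        }
    }
}

impl Drop for Guarded {
    fn drop(&mut self) {
        self.zeroize();
    }
}

// Regression check: a plain-byte type has drop glue only if Drop is implemented.
fn has_drop_glue<T>() -> bool {
    needs_drop::<T>()
}

fn main() {
    println!("Unguarded has drop glue: {}", has_drop_glue::<Unguarded>());
    println!("Guarded has drop glue:   {}", has_drop_glue::<Guarded>());
}
```

A check like `has_drop_glue` can sit in a project's test suite next to each secret-bearing enum, so a derive that silently emits no Drop fails the build instead of shipping.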

Fix


Weakness Enumeration

Related Identifiers

GHSA-R45X-GHR2-QJXC

Affected Products

Zeroize