Name of the Vulnerable Software and Affected Versions ruzstd (affected versions not specified)

Description The issue arises from miscalculations in the length of the allocated and init section of the internal RingBuffer in ruzstd. This leads to uninitialized or out-of-bounds reads in copy bytes overshooting of up to 15 bytes, potentially resulting in up to 15 bytes of memory contents being written into the decoded data when decompressing a crafted archive. This may occur multiple times per archive.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.