Name of the Vulnerable Software and Affected Versions ruzstd (affected versions not specified)

Description The issue arises from miscalculations in the length of the allocated and init section of the internal RingBuffer in ruzstd. This leads to uninitialized or out-of-bounds reads in copy bytes overshooting, potentially reading up to 15 bytes. As a result, when decompressing a crafted archive, up to 15 bytes of memory contents may be written into the decoded data, and this can occur multiple times per archive.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.