Home > Vulnerability Database > WS-2021-0008

Mend.io Vulnerability Database

WS-2021-0008

Date: January 26, 2021

marc crate before 2.0.0 passes an uninitialized buffer to a user-provided 'Read' implementation ('Record::read()'). Arbitrary 'Read' implementations can read from the uninitialized buffer (memory exposure) and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory produces undefined values that can quickly invoke undefined behavior.

Language: RUST

Severity Score

7.2

Related Resources (2)

Url: https://github.com/blackbeam/rust-marc/commit/6299af0ab17f070a78b75367e14b9101c29ce475

Url: https://www.mend.io/vulnerability-database/WS-2021-0008

Severity Score

7.2

Weakness Type (CWE)

Improper Initialization

CWE-665

CVSS v3.1

Base Score:	7.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

WS-2021-0008

Date: January 26, 2021

Language: RUST

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?