Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS01NW01LXdoY3YtYzQ5Y80frw

High EPSS: 0.00231% (0.45899 Percentile) EPSS:
Permalink JSON

Use of Uninitialized Resource in smallvec

Affected Packages Affected Versions Fixed Versions
cargo:smallvec < 0.6.13 0.6.13
1,616 Dependent packages
67,564 Dependent repositories
462,121,101 Downloads total

Affected Version Ranges

All affected versions

0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.1.6, 0.1.7, 0.1.8, 0.2.0, 0.2.1, 0.3.1, 0.3.2, 0.3.3, 0.3.4, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 0.4.4, 0.4.5, 0.5.0, 0.5.1, 0.6.0, 0.6.1, 0.6.2, 0.6.3, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.6.8, 0.6.9, 0.6.10, 0.6.11, 0.6.12

All unaffected versions

0.6.13, 0.6.14, 1.0.0, 1.1.0, 1.2.0, 1.3.0, 1.4.0, 1.4.1, 1.4.2, 1.5.0, 1.5.1, 1.6.0, 1.6.1, 1.7.0, 1.8.0, 1.8.1, 1.9.0, 1.10.0, 1.11.0, 1.11.1, 1.11.2, 1.12.0, 1.13.0, 1.13.1, 1.13.2, 1.14.0, 1.15.0, 1.15.1

Affected versions of this crate called mem::uninitialized() to create values of a user-supplied type T. This is unsound e.g. if T is a reference type (which must be non-null and thus may not remain uninitialized). The flaw was corrected by avoiding the use of mem::uninitialized(), using MaybeUninit instead.

References:

Identifiers

GHSA-55m5-whcv-c49c

CVE-2018-25023

Risk

Severity

High

EPSS

EPSS Percentage: 0.00231

EPSS Percentile: 0.45899

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/servo/rust-smallvec

Date and time

Published

over 3 years ago

Updated

almost 2 years ago

API

JSON