Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo4cXEtNThjci04Y2M3
Out of bounds read in bra
Buffered Random Access (BRA) provides easy random memory access to a sequential source of data in Rust. This is achieved by greedily retaining all memory read from a given source. Buffered Random Access (BRA) provides easy random memory access to a sequential source of data in Rust. An issue was discovered in the bra crate before 0.1.1 for Rust. It lacks soundness because it can read uninitialized memory.
Permalink: https://github.com/advisories/GHSA-j8qq-58cr-8cc7JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo4cXEtNThjci04Y2M3
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 2 years ago
Updated: about 1 year ago
CVSS Score: 9.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Identifiers: GHSA-j8qq-58cr-8cc7, CVE-2021-25905
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-25905
- https://github.com/Enet4/bra-rs/issues/1
- https://rustsec.org/advisories/RUSTSEC-2021-0008.html
- https://github.com/Enet4/bra-rs/commit/aabf5562f8c6374ab30f615b28e0cff9b5c79e5f
- https://github.com/advisories/GHSA-j8qq-58cr-8cc7
Blast Radius: 0.0
Affected Packages
cargo:bra
Dependent packages: 0Dependent repositories: 1
Downloads: 1,297 total
Affected Version Ranges: < 0.1.1
Fixed in: 0.1.1
All affected versions: 0.1.0
All unaffected versions: 0.1.1