Free of uninitialized memory in autorand · CVE-2020-36210 · GitHub Advisory Database · GitHub

Free of uninitialized memory in autorand

High severity GitHub Reviewed Published Aug 25, 2021 to the GitHub Advisory Database • Updated Jan 11, 2023

Package

autorand (Rust)

Affected versions

< 0.2.3

Patched versions

0.2.3

Description

An issue was discovered in the autorand crate before 0.2.3 for Rust. Because of impl Random on arrays, uninitialized memory can be dropped when a panic occurs, leading to memory corruption.

References

Reviewed Aug 19, 2021

Published to the GitHub Advisory Database Aug 25, 2021

Last updated Jan 11, 2023

Severity

High

7.8

/ 10

CVSS base metrics

Attack vector

Local

Attack complexity

Low

Privileges required

Low

User interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H