Home > Vulnerability Database > WS-2021-0634

Mend.io Vulnerability Database

WS-2021-0634

Good to know:

Date: November 3, 2024

A memory safety issue was found in mz-avro in Rust. Arbitrary Read implementations can read from the uninitialized buffer and also can return an incorrect number of bytes written to the buffer. Reading from uninitialized memory produces undefined values that can quickly invoke undefined behavior. Note: This is relevant only where a user provides a struct whose Read implementation inspects the buffer passed to read_exact before writing to it. Version 0.7.0 of this crate contains a patch for this issue.

Language: RUST

Severity Score

6.5

Related Resources (5)

Url: https://github.com/MaterializeInc/materialize/issues/8669

Url: https://github.com/MaterializeInc/materialize/commit/4c1b9610642b6ac7f5557537a0c908f1be583cb6

Url: https://crates.io/crates/mz-avro

Url: https://rustsec.org/advisories/RUSTSEC-2021-0138.html

Url: https://www.mend.io/vulnerability-database/WS-2021-0634

Severity Score

6.5

Weakness Type (CWE)

Use of Uninitialized Resource

CWE-908

Top Fix

Upgrade Version

Upgrade to version mz-avro - 0.7.0

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

WS-2021-0634

Good to know:

Date: November 3, 2024

Language: RUST

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?