{"id":"RUSTSEC-2018-0022","summary":"Use of uninitialized memory in temporary","details":"Uninit memory is used as a RNG seed in temporary\n\nThe following function is used as a way to get entropy from the system, which does operations on and exposes uninit memory, which is UB.\n\n```rust\nfn random_seed(_: &Path, _: &str) -\u003e [u64; 2] {\n    use std::mem::uninitialized as rand;\n    unsafe { [rand::\u003cu64\u003e() ^ 0x12345678, rand::\u003cu64\u003e() ^ 0x87654321] }\n}\n```\n\nThis has been resolved in the 0.6.4 release.\n\nThe crate is not intended to be used outside of a testing environment.\n\nFor a general purpose crate to create temporary directories, [`tempfile`](https://crates.io/crates/tempfile) is an alternative for this crate.","aliases":["GHSA-2jq9-6xx7-3h29"],"modified":"2023-11-08T04:14:07.505706Z","published":"2018-08-22T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/temporary"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2018-0022.html"},{"type":"REPORT","url":"https://github.com/stainless-steel/temporary/issues/2"}],"affected":[{"package":{"name":"temporary","ecosystem":"crates.io","purl":"pkg:cargo/temporary"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.3.0"},{"fixed":"0.6.4"}]}],"ecosystem_specific":{"affected_functions":null,"affects":{"os":[],"arch":[],"functions":[]}},"database_specific":{"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2018-0022.json","informational":null,"cvss":null,"categories":["memory-exposure"]}}],"schema_version":"1.7.3"}