{"id":"RUSTSEC-2021-0092","summary":"Deserialization functions pass uninitialized memory to user-provided Read","details":"Affected versions of this crate passed an uninitialized buffer to a\nuser-provided `Read` instance in:\n\n* `deserialize_binary`\n* `deserialize_string`\n* `deserialize_extension_others`\n* `deserialize_string_primitive`\n\nThis can result in safe `Read` implementations reading from the uninitialized\nbuffer leading to undefined behavior.","aliases":["CVE-2021-45690","CVE-2021-45691","CVE-2021-45692","CVE-2021-45693","GHSA-hr52-f9vp-582c","GHSA-jqjj-r4qp-x2gh","GHSA-jwfh-j623-m97h","GHSA-m325-rxjv-pwph","GHSA-vw5m-qw2r-m923"],"modified":"2024-03-15T00:05:17.689306Z","published":"2021-01-26T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/messagepack-rs"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2021-0092.html"},{"type":"REPORT","url":"https://github.com/otake84/messagepack-rs/issues/2"}],"affected":[{"package":{"name":"messagepack-rs","ecosystem":"crates.io","purl":"pkg:cargo/messagepack-rs"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"}]}],"ecosystem_specific":{"affects":{"os":[],"arch":[],"functions":[]},"affected_functions":null},"database_specific":{"categories":["memory-exposure"],"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2021-0092.json","informational":null,"cvss":null}}],"schema_version":"1.7.3"}