CVE-2021-45688: Use of Uninitialized Resource in ash.
(updated )
An issue was discovered in the ash crate before 0.33.1 for Rust. util::read_spv may read from uninitialized memory locations.
References
- github.com/MaikKlein/ash
- github.com/MaikKlein/ash/issues/354
- github.com/advisories/GHSA-64wv-8vwp-xgw2
- github.com/ash-rs/ash/commit/2c98b6f384a017de031698bd623551a45f24c8f9
- github.com/ash-rs/ash/compare/0.33.0...0.33.1
- github.com/ash-rs/ash/issues/354
- github.com/ash-rs/ash/pull/470
- nvd.nist.gov/vuln/detail/CVE-2021-45688
- raw.githubusercontent.com/rustsec/advisory-db/main/crates/ash/RUSTSEC-2021-0090.md
- rustsec.org/advisories/RUSTSEC-2021-0090.html
Detect and mitigate CVE-2021-45688 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →