CVE-2021-25904: Null pointer deference in av-data

August 25, 2021

An issue was discovered in the av-data crate before 0.3.0 for Rust. A raw pointer is dereferenced, leading to a read of an arbitrary memory address, sometimes causing a segfault.

References

github.com/advisories/GHSA-352p-rhvq-7g78
github.com/rust-av/rust-av
github.com/rust-av/rust-av/issues/136
nvd.nist.gov/vuln/detail/CVE-2021-25904
rustsec.org/advisories/RUSTSEC-2021-0007.html

Detect and mitigate CVE-2021-25904 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →