CVE-2021-25905: Out of bounds read in bra

August 25, 2021 (updated May 5, 2022)

Buffered Random Access (BRA) provides easy random memory access to a sequential source of data in Rust. This is achieved by greedily retaining all memory read from a given source. Buffered Random Access (BRA) provides easy random memory access to a sequential source of data in Rust. An issue was discovered in the bra crate before 0.1.1 for Rust. It lacks soundness because it can read uninitialized memory.

References

github.com/Enet4/bra-rs
github.com/Enet4/bra-rs/commit/aabf5562f8c6374ab30f615b28e0cff9b5c79e5f
github.com/Enet4/bra-rs/issues/1
github.com/advisories/GHSA-j8qq-58cr-8cc7
nvd.nist.gov/vuln/detail/CVE-2021-25905
rustsec.org/advisories/RUSTSEC-2021-0008.html

Detect and mitigate CVE-2021-25905 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →