CVE-2019-15553: Exposure of uninitialized memory in memoffset

August 25, 2021 (updated June 13, 2023)

Affected versions of this crate caused traps and/or memory unsafety by zero-initializing references. They also could lead to uninitialized memory being dropped if the field for which the offset is requested was behind a deref coercion, and that deref coercion caused a panic. The flaw was corrected by using MaybeUninit.

References

github.com/Gilnaa/memoffset
github.com/Gilnaa/memoffset/issues/9
github.com/advisories/GHSA-rh89-x75f-rh3c
nvd.nist.gov/vuln/detail/CVE-2019-15553
rustsec.org/advisories/RUSTSEC-2019-0011.html

Detect and mitigate CVE-2019-15553 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →