CVE-2021-29934: Out of bounds read in uu_od
An issue was discovered in PartialReader in the uu_od crate before 0.0.4 for Rust. Attackers can read the contents of uninitialized memory locations via a user-provided Read operation.
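The bug class described above, as an added example that is not uu_od's own code: a wrapper that discards bytes from a user-provided `Read` has to hand it an initialized scratch buffer, because a safe `Read` implementation may inspect the buffer before writing to it. The names `skip_bytes` and `PeekingReader` and the 1024-byte buffer size are assumptions made for illustration.

```rust
use std::io::{self, Read};

/// Hypothetical helper (not uu_od's code): discard up to `skip` bytes from `inner`.
/// The unsound form of this pattern allocates with `Vec::with_capacity(n)` and
/// then calls `unsafe { buf.set_len(n) }`, so `inner.read` receives
/// uninitialized bytes. Here the scratch buffer is zero-initialized first.
pub fn skip_bytes<R: Read>(inner: &mut R, mut skip: usize) -> io::Result<usize> {
    let mut scratch = [0u8; 1024]; // initialized before any user code sees it
    let mut skipped = 0;
    while skip > 0 {
        let want = skip.min(scratch.len());
        match inner.read(&mut scratch[..want])? {
            0 => break, // EOF before `skip` bytes were available
            n => {
                let n = n.min(want); // a misbehaving Read may over-report
                skip -= n;
                skipped += n;
            }
        }
    }
    Ok(skipped)
}

/// Constructed user-provided reader: safe code that looks at the buffer it is
/// handed before filling it. With an uninitialized buffer this is the leak.
pub struct PeekingReader {
    pub remaining: usize,
    pub foreign_bytes: usize, // bytes that are neither zero nor our own 0xAA
}

impl Read for PeekingReader {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
        self.foreign_bytes += buf.iter().filter(|&&b| b != 0 && b != 0xAA).count();
        let n = buf.len().min(self.remaining);
        buf[..n].fill(0xAA);
        self.remaining -= n;
        Ok(n)
    }
}

fn main() {
    let mut r = PeekingReader { remaining: 3000, foreign_bytes: 0 };
    let skipped = skip_bytes(&mut r, 2500).unwrap();
    println!("skipped {}, foreign bytes seen: {}", skipped, r.foreign_bytes);
}
```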
References
- github.com/advisories/GHSA-w9vv-q986-vj7x
- github.com/uutils/coreutils
- github.com/uutils/coreutils/commit/39d62c6c1f809022c903180471c10fde6ecd12d1
- github.com/uutils/coreutils/commit/5935876f38498b0c1f657d031171eb17028def6f
- github.com/uutils/coreutils/commit/7341a1a033aa5980ac59bc9d4df978b396de4fad
- github.com/uutils/coreutils/issues/1729
- github.com/uutils/coreutils/pull/1730
- github.com/uutils/coreutils/pull/1738
- github.com/uutils/coreutils/pull/1739
- nvd.nist.gov/vuln/detail/CVE-2021-29934
- rustsec.org/advisories/RUSTSEC-2021-0043.html