CVE-2021-45706: Memory flaw in zeroize_derive
An issue was discovered in the zeroize_derive crate before 1.1.1 for Rust. Dropped memory is not zeroed out for an enum.
References
- github.com/RustCrypto/utils/tree/master/zeroize/derive
- github.com/advisories/GHSA-c5hx-w945-j4pq
- github.com/iqlusioninc/crates/issues/876
- nvd.nist.gov/vuln/detail/CVE-2021-45706
- raw.githubusercontent.com/rustsec/advisory-db/main/crates/zeroize_derive/RUSTSEC-2021-0115.md
- rustsec.org/advisories/RUSTSEC-2021-0115.html
Detect and mitigate CVE-2021-45706 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.
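A lockfile check for the affected range stated above, as an added example that is not GitLab's or the crate's own code: it scans Cargo.lock text for `zeroize_derive` entries before 1.1.1. The function names and the sample lockfile are constructed for illustration, and the code assumes the usual `[[package]]` / `name` / `version` layout of Cargo.lock.

```rust
// Added example: flag zeroize_derive releases older than 1.1.1 in Cargo.lock text.
const CRATE: &str = "zeroize_derive";
const FIXED: (u64, u64, u64) = (1, 1, 1); // "before 1.1.1" is affected, per the advisory

// Constructed sample lockfile excerpt (not taken from a real project).
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "zeroize"
version = "1.4.3"

[[package]]
name = "zeroize_derive"
version = "1.1.0"
"#;

/// Value of a `key = "value"` line, or None if the line holds a different key.
fn quoted_value<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.trim().strip_prefix(key)?.trim_start().strip_prefix('=')?;
    rest.trim().strip_prefix('"')?.strip_suffix('"')
}

/// True when `version` sorts before the fixed release (pre-releases of it included).
fn is_affected(version: &str) -> bool {
    let no_build = version.split('+').next().unwrap_or(version);
    let (core, pre) = no_build.split_once('-').map_or((no_build, false), |(c, _)| (c, true));
    let nums: Option<Vec<u64>> = core.split('.').map(|p| p.parse().ok()).collect();
    match nums.as_deref() {
        Some(&[a, b, c]) => (a, b, c) < FIXED || ((a, b, c) == FIXED && pre),
        _ => true, // unparseable version: report it for manual review
    }
}

/// Every locked zeroize_derive version that falls in the affected range.
fn affected_versions(lockfile: &str) -> Vec<String> {
    let (mut hits, mut in_target) = (Vec::new(), false);
    for line in lockfile.lines() {
        if let Some(name) = quoted_value(line, "name") {
            in_target = name == CRATE;
        } else if in_target {
            if let Some(ver) = quoted_value(line, "version") {
                if is_affected(ver) { hits.push(ver.to_string()); }
                in_target = false;
            }
        }
    }
    hits
}

fn main() { println!("affected: {:?}", affected_versions(SAMPLE_LOCK)); }
```

A non-empty result means the lockfile pins a release in the affected range; the crate may be present only as a transitive dependency, so the lockfile rather than Cargo.toml is the file to check.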