buffered-reader vulnerable to out-of-bounds array access leading to panic

Low severity GitHub Reviewed Published Jun 6, 2023 to the GitHub Advisory Database • Updated Jun 6, 2023

Package

cargo buffered-reader (Rust)

Affected versions

< 1.0.2
>= 1.1.0, < 1.1.5

Patched versions

1.0.2
1.1.5

Description

Affected versions of the crate have a bug where attacker-controlled input can result in the use of an out-of-bounds array index. Rust detects the use of the out-of-bounds index and causes the application to panic. An attacker may be able to use this to cause a denial-of-service. However, it is not possible for an attacker to read from or write to the application's address space.
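
The affected ranges above are easy to misread: 1.0.2 and later 1.0.x releases are patched, while 1.1.0 through 1.1.4 are still affected. The Rust code below is an added example, not part of the advisory or the buffered-reader project; it classifies the buffered-reader version pinned in a Cargo.lock against those ranges. The names `classify` and `scan_lockfile` and the sample lockfile are constructed for illustration, and versions with a pre-release or build suffix are reported as `Unknown` for manual review.

```rust
// Added example: classify the buffered-reader version pinned in a Cargo.lock
// against the advisory's affected ranges (< 1.0.2, or >= 1.1.0 and < 1.1.5).
#[derive(Debug, PartialEq)]
enum Status { Affected, NotAffected, Unknown }

/// Parse a plain "MAJOR.MINOR.PATCH"; anything else (pre-release, build tag) is None.
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let mut parts = v.trim().split('.');
    let major = parts.next()?.parse::<u64>().ok()?;
    let minor = parts.next()?.parse::<u64>().ok()?;
    let patch = parts.next()?.parse::<u64>().ok()?;
    if parts.next().is_some() { return None; }
    Some((major, minor, patch))
}

fn classify(version: &str) -> Status {
    match parse_version(version) {
        None => Status::Unknown, // review by hand rather than guess
        Some(v) if v < (1, 0, 2) => Status::Affected,
        Some(v) if v >= (1, 1, 0) && v < (1, 1, 5) => Status::Affected,
        Some(_) => Status::NotAffected,
    }
}

/// Return (version, status) for each buffered-reader entry in Cargo.lock text.
fn scan_lockfile(lock: &str) -> Vec<(String, Status)> {
    let mut found = Vec::new();
    let mut in_target = false;
    for line in lock.lines().map(str::trim) {
        if let Some(name) = line.strip_prefix("name = ") {
            in_target = name == "\"buffered-reader\"";
        } else if let (true, Some(rest)) = (in_target, line.strip_prefix("version = ")) {
            let version = rest.trim_matches('"');
            found.push((version.to_string(), classify(version)));
            in_target = false;
        }
    }
    found
}

// Constructed sample lockfile; "example-dep" is a made-up crate name.
const SAMPLE_LOCK: &str = "[[package]]\nname = \"example-dep\"\nversion = \"0.2.0\"\n\
    [[package]]\nname = \"buffered-reader\"\nversion = \"1.1.4\"\n";

fn main() {
    for (version, status) in scan_lockfile(SAMPLE_LOCK) {
        println!("buffered-reader {}: {:?}", version, status);
    }
}
```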

References

Published to the GitHub Advisory Database Jun 6, 2023
Reviewed Jun 6, 2023
Last updated Jun 6, 2023

Severity

Low

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-29mf-62xx-28jq