Skip to content

Out of bounds read in bra

Critical severity GitHub Reviewed Published Aug 25, 2021 to the GitHub Advisory Database • Updated Apr 6, 2023

Package

cargo bra (Rust)

Affected versions

< 0.1.1

Patched versions

0.1.1

Description

Buffered Random Access (BRA) provides easy random memory access to a sequential source of data in Rust. This is achieved by greedily retaining all memory read from a given source. Buffered Random Access (BRA) provides easy random memory access to a sequential source of data in Rust. An issue was discovered in the bra crate before 0.1.1 for Rust. It lacks soundness because it can read uninitialized memory.

References

Published by the National Vulnerability Database Jan 26, 2021
Reviewed Aug 19, 2021
Published to the GitHub Advisory Database Aug 25, 2021
Last updated Apr 6, 2023

Severity

Critical
9.1
/ 10

CVSS base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Weaknesses

CVE ID

CVE-2021-25905

GHSA ID

GHSA-j8qq-58cr-8cc7

Source code

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.