CVE-2020-36210 – autorand
Package
Manager: cargo
Name: autorand
Vulnerable Version: >=0 <0.2.3
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00065 (percentile 0.20593)
Details
Free of uninitialized memory in autorand
An issue was discovered in the autorand crate before 0.2.3 for Rust. Because of impl Random on arrays, uninitialized memory can be dropped when a panic occurs, leading to memory corruption.
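A panic-safe way to fill an array element by element, shown as an added example; it is not code from autorand or from this advisory. The names `Guard`, `fill_array`, `Tracked` and `panic_midway` are hypothetical, and the panicking generator is a constructed scenario: the guard drops only the slots that were written, so no uninitialized element is dropped on unwind.

```rust
use std::mem::{self, MaybeUninit};
use std::panic::{catch_unwind, AssertUnwindSafe};
use std::sync::atomic::{AtomicUsize, Ordering::SeqCst};

/// Drop guard: on unwind, drops only the slots that were actually written.
struct Guard<'a, T, const N: usize> {
    slots: &'a mut [MaybeUninit<T>; N],
    filled: usize,
}
impl<T, const N: usize> Drop for Guard<'_, T, N> {
    fn drop(&mut self) {
        for slot in &mut self.slots[..self.filled] {
            // SAFETY: every slot below `filled` was initialized by `write`.
            unsafe { slot.assume_init_drop() };
        }
    }
}

/// Hypothetical helper (not autorand's API): build `[T; N]` from a
/// generator that may panic part-way through.
pub fn fill_array<T, F: FnMut(usize) -> T, const N: usize>(mut make: F) -> [T; N] {
    let mut slots: [MaybeUninit<T>; N] = std::array::from_fn(|_| MaybeUninit::uninit());
    let mut guard = Guard { slots: &mut slots, filled: 0 };
    for i in 0..N {
        let value = make(i); // may panic; the guard then cleans up
        guard.slots[i].write(value);
        guard.filled += 1;
    }
    mem::forget(guard); // all N slots written: ownership moves to the result
    // SAFETY: all N slots are initialized and `slots` is never read again.
    unsafe { mem::transmute_copy::<[MaybeUninit<T>; N], [T; N]>(&slots) }
}

static CREATED: AtomicUsize = AtomicUsize::new(0);
static DROPPED: AtomicUsize = AtomicUsize::new(0);
struct Tracked;
impl Drop for Tracked { fn drop(&mut self) { DROPPED.fetch_add(1, SeqCst); } }

/// Constructed scenario: the generator panics on the third of four elements.
pub fn panic_midway() -> (usize, usize) {
    let _ = catch_unwind(AssertUnwindSafe(|| {
        let _arr: [Tracked; 4] = fill_array(|i| {
            if i == 2 { panic!("constructed failure"); }
            CREATED.fetch_add(1, SeqCst);
            Tracked
        });
    }));
    (CREATED.load(SeqCst), DROPPED.load(SeqCst))
}
fn main() { println!("{:?}", panic_midway()); }
```

In safe code, `std::array::from_fn` gives the same guarantee without any `unsafe` block.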
Metadata
Created: 2021-08-25T20:50:41Z
Modified: 2021-08-19T18:53:20Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-cgmg-2v6m-fjg7/GHSA-cgmg-2v6m-fjg7.json
CWE IDs: ["CWE-908"]
Alternative ID: GHSA-cgmg-2v6m-fjg7
Finding: F138
Auto approve: 1