CVE-2019-16144
HIGH7.5EPSS 0.30%fix unsound APIs that could lead to UB
Published: 8/25/2021Modified: 11/8/2023
Description
Affected versions of this crate API could use uninitialized memory with some APIs in special cases, like use the API in none generator context. This could lead to UB. The flaw was corrected by <https://github.com/Xudong-Huang/generator-rs/issues/9> <https://github.com/Xudong-Huang/generator-rs/issues/11> <https://github.com/Xudong-Huang/generator-rs/issues/13> <https://github.com/Xudong-Huang/generator-rs/issues/14> This patch fixes all those issues above.
Affected packages (2)
- crates.io/generatorfrom 0, < 0.6.18
- crates.io/generator>= 0.0.0-0, < 0.6.18
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
References (8)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-16144
- PATCHhttps://crates.io/crates/generator
- PATCHhttps://github.com/Xudong-Huang/generator-rs
- WEBhttps://github.com/Xudong-Huang/generator-rs/issues/11
- WEBhttps://github.com/Xudong-Huang/generator-rs/issues/13
- WEBhttps://github.com/Xudong-Huang/generator-rs/issues/14
- WEBhttps://github.com/Xudong-Huang/generator-rs/issues/9
- WEBhttps://rustsec.org/advisories/RUSTSEC-2019-0020.html