CVE-2019-16144
HIGH7.5EPSS 0.30%fix unsound APIs that could lead to UB
發布日:2021/8/25修改日:2023/11/8
描述
Affected versions of this crate API could use uninitialized memory with some APIs in special cases, like use the API in none generator context. This could lead to UB. The flaw was corrected by <https://github.com/Xudong-Huang/generator-rs/issues/9> <https://github.com/Xudong-Huang/generator-rs/issues/11> <https://github.com/Xudong-Huang/generator-rs/issues/13> <https://github.com/Xudong-Huang/generator-rs/issues/14> This patch fixes all those issues above.
受影響套件(2)
- crates.io/generatorfrom 0, < 0.6.18
- crates.io/generator>= 0.0.0-0, < 0.6.18
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
參考連結(8)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-16144
- PATCHhttps://crates.io/crates/generator
- PATCHhttps://github.com/Xudong-Huang/generator-rs
- WEBhttps://github.com/Xudong-Huang/generator-rs/issues/11
- WEBhttps://github.com/Xudong-Huang/generator-rs/issues/13
- WEBhttps://github.com/Xudong-Huang/generator-rs/issues/14
- WEBhttps://github.com/Xudong-Huang/generator-rs/issues/9
- WEBhttps://rustsec.org/advisories/RUSTSEC-2019-0020.html