CVE-2021-31919

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-31919

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-31919.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-31919

Aliases

Published

2021-04-30T03:15:07.517Z

Modified

2026-04-12T03:27:03.392779Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in the rkyv crate before 0.6.0 for Rust. When an archive is created via serialization, the archive content may contain uninitialized values of certain parts of a struct.

References

https://rustsec.org/advisories/RUSTSEC-2021-0054.html

Affected packages

Git / github.com/rkyv/rkyv

Affected ranges

Type

GIT

Repo

https://github.com/rkyv/rkyv

Events

Introduced

Fixed

ec83f7c23d488ba8a5c4adf90b126417c59bba26

Database specific

{
    "cpe": "cpe:2.3:a:rkyv_project:rkyv:*:*:*:*:*:rust:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.6.0"
        }
    ],
    "source": "CPE_FIELD"
}

Affected versions

v0.*

v0.1.1

v0.2.0

v0.2.1

v0.3.0

v0.3.1

v0.4.0

v0.4.1

v0.4.2

v0.4.3

v0.5.0

v0.5.1

v0.5.2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-31919.json"