CVE-2021-31919

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-31919

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-31919.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-31919

Aliases

Published

2021-04-30T03:15:07Z

Modified

2025-01-08T08:01:48.936026Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in the rkyv crate before 0.6.0 for Rust. When an archive is created via serialization, the archive content may contain uninitialized values of certain parts of a struct.

References

https://rustsec.org/advisories/RUSTSEC-2021-0054.html

Affected packages

Git / github.com/djkoloski/rkyv

Affected ranges

Type: GIT
Repo: https://github.com/djkoloski/rkyv
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

ec83f7c23d488ba8a5c4adf90b126417c59bba26

Affected versions

v0.*

v0.1.1

v0.2.0

v0.2.1

v0.3.0

v0.3.1

v0.4.0

v0.4.1

v0.4.2

v0.4.3

v0.5.0

v0.5.1

v0.5.2