CVE-2021-29934: Out of bounds read in uu_od
CVSS Score: 7.3 (CVSS v3.1)
Basic Information
CVE ID: CVE-2021-29934
GHSA ID:
EPSS Score: 0.56759%
CWE:
Published: 8/25/2021
Updated: 5/22/2023
KEV Status: No
Technology: Rust
Technical Details
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
uu_od | rust | < 0.0.4 | 0.0.4 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stemmed from the `read` implementation of `PartialReader` using an uninitialized memory buffer. The original (pre-patch) code created the buffer with `Vec::with_capacity` followed by an unsafe `set_len`, then passed slices of that uninitialized memory to `Read` operations. This violates Rust's safety guarantees, because a user-provided `Read` implementation is free to inspect the buffer it is handed and could therefore observe uninitialized memory. The patch replaced the buffer with a zero-initialized array and changed the `read_exact` call to `read` with explicit error handling, which confirms that the defect was confined to this function.
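The following is an added illustration, not uu_od's own code: a simplified reader in the assumed shape of `PartialReader` (skip the first `skip` bytes of an inner reader) written the way the patch describes, with the pre-patch `with_capacity`/`set_len` pattern kept only as a comment, plus a test double `PeekingReader` standing in for a `Read` implementation that inspects its buffer before writing to it.

```rust
use std::cmp;
use std::io::{self, Read};
const SKIP_BUFFER_SIZE: usize = 16 * 1024;

/// Simplified stand-in for the page's PartialReader (assumed shape, not uu_od's code):
/// skips the first `skip` bytes of `inner`, then passes reads through.
pub struct PartialReader<R> {
    inner: R,
    skip: usize,
}

impl<R: Read> PartialReader<R> {
    pub fn new(inner: R, skip: usize) -> Self { PartialReader { inner, skip } }
    pub fn into_inner(self) -> R { self.inner }
}

impl<R: Read> Read for PartialReader<R> {
    fn read(&mut self, out: &mut [u8]) -> io::Result<usize> {
        // Pre-patch pattern described on the page (unsound, kept as a comment only):
        //   let mut bytes = Vec::with_capacity(self.skip);
        //   unsafe { bytes.set_len(self.skip); }   // bytes never initialized
        //   self.inner.read_exact(&mut bytes)?;     // inner may read them back
        // Patched pattern: bounded, zero-initialized scratch buffer and plain
        // `read` calls, so any Read impl only ever observes zeros.
        let mut scratch = [0u8; SKIP_BUFFER_SIZE];
        while self.skip > 0 {
            let want = cmp::min(self.skip, SKIP_BUFFER_SIZE);
            match self.inner.read(&mut scratch[..want]) {
                Ok(0) => return Ok(0), // EOF inside the skip region: nothing to deliver
                Ok(n) => self.skip -= n,
                Err(ref e) if e.kind() == io::ErrorKind::Interrupted => continue,
                Err(e) => return Err(e),
            }
        }
        self.inner.read(out)
    }
}

/// Test double for a "user-provided Read implementation" that inspects `buf` before writing.
pub struct PeekingReader { pub data: Vec<u8>, pub pos: usize, pub observed: Vec<u8> }

impl Read for PeekingReader {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
        self.observed.extend_from_slice(buf); // observe before overwriting
        let n = cmp::min(buf.len(), self.data.len() - self.pos);
        buf[..n].copy_from_slice(&self.data[self.pos..self.pos + n]);
        self.pos += n;
        Ok(n)
    }
}
```

With the zero-initialized buffer, everything `PeekingReader` records is zero; the commented-out pre-patch pattern would instead have exposed whatever the allocator left in the `Vec`.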