Miggo Logo
Miggo Vulnerability Database
GHSA-5m39-wx2q-mxg3

GHSA-5m39-wx2q-mxg3: Invalid use of `mem::uninitialized` causes `use-of-uninitialized-value`

N/A

CVSS Score

Basic Information

CVE ID
-
GHSA ID
GHSA-5m39-wx2q-mxg3
EPSS Score
-
CWE
-
Published
11/8/2022
Updated
8/25/2023
KEV Status
No
Technology
TechnologyRust

Technical Details

CVSS Vector
-
Package NameEcosystemVulnerable VersionsFirst Patched Version
lzfrust< 0.3.20.3.2

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The commit diff shows both functions were modified to replace unsafe initialization patterns. compress() used mem::uninitialized for htab array and unsafe vector expansion, while decompress() used unsafe vector expansion. The vulnerability description explicitly mentions both compression and decompression functions as problematic. The RustSec advisory confirms both functions were vulnerable by listing them in affected versions.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T** *ompr*ssion *n* ***ompr*ssion *un*tion us** `m*m:uniniti*liz**` to *r**t* *n *rr*y o* uniniti*liz** v*lu*s, to l*t*r writ* v*lu*s into it. T*is l*t*r l***s to r***s *rom uniniti*liz** m*mory. T** *l*w w*s *orr**t** in *ommit ********************

Reasoning

T** *ommit *i** s*ows *ot* `*un*tions` w*r* mo*i*i** to r*pl*** uns*** initi*liz*tion p*tt*rns. `*ompr*ss()` us** `m*m::uniniti*liz**` *or `*t**` *rr*y *n* uns*** v**tor *xp*nsion, w*il* `***ompr*ss()` us** uns*** v**tor *xp*nsion. T** vuln*r**ility