GHSA-9g55-pg62-m8hh: Channel creates zero value of any type
CVSS Score: N/A

Basic Information
CVE ID: -
GHSA ID: GHSA-9g55-pg62-m8hh
EPSS Score: -
CWE: -
Published: 6/16/2022
Updated: 1/12/2023
KEV Status: No
Technology: Rust

Technical Details
CVSS Vector: -
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| crossbeam-channel | rust | < 0.4.3 | 0.4.3 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stemmed from using mem::zeroed() to initialize values of generic types, which yields an all-zero bit pattern that is not a valid value for every type. GitHub PR #458 specifically replaced mem::zeroed() with MaybeUninit in these locations. The Channel constructor and Block::new functions directly handled user-supplied types T and contained the unsafe zero-initialization pattern described in the advisory. The array flavor implementation was identified as the affected component through the vulnerability description and the linked fix.
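
The MaybeUninit pattern named above, as an added example that is not crossbeam-channel's code or the contents of PR #458: a one-message slot for a generic T that never fabricates a zeroed T. The names `Slot`, `write` and `read` are hypothetical, and the `Box<u32>` sample value is constructed.

```rust
use std::mem::MaybeUninit;
// Advisory's pattern (comment only, never executed); all-zero bits are not a
// valid Box<u32> or &str:  let msg: T = unsafe { std::mem::zeroed() };

/// Hypothetical one-message slot (assumed name, not crossbeam-channel's type).
pub struct Slot<T> {
    msg: MaybeUninit<T>, // starts uninitialized; no T is fabricated
    full: bool,          // true only while `msg` holds a live T
}

impl<T> Slot<T> {
    pub fn new() -> Self {
        Slot { msg: MaybeUninit::uninit(), full: false }
    }

    /// Stores `value`, or hands it back if the slot is occupied.
    pub fn write(&mut self, value: T) -> Result<(), T> {
        if self.full {
            return Err(value);
        }
        self.msg.write(value);
        self.full = true;
        Ok(())
    }

    /// Moves the message out, leaving the slot logically empty.
    pub fn read(&mut self) -> Option<T> {
        if !self.full {
            return None;
        }
        self.full = false;
        // SAFETY: `full` was true, so `write` initialized `msg`.
        Some(unsafe { self.msg.assume_init_read() })
    }
}

impl<T> Drop for Slot<T> {
    fn drop(&mut self) {
        if self.full {
            // SAFETY: `full` guarantees `msg` holds an initialized T.
            unsafe { self.msg.assume_init_drop() };
        }
    }
}

fn main() {
    let mut slot: Slot<Box<u32>> = Slot::new();
    slot.write(Box::new(7)).unwrap();
    assert_eq!(slot.read().as_deref(), Some(&7));
}
```

The `full` flag is what makes each `unsafe` block sound: the stored T is read or dropped only after a `write`, so an empty slot never exposes or drops an invalid value.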