GHSA-9g55-pg62-m8hh: Channel creates zero value of any type

CVSS Score: N/A

Basic Information

CVE ID: -
EPSS Score: -
CWE: -
Published: 6/16/2022
Updated: 1/12/2023
KEV Status: No
Technology: Rust

Technical Details

CVSS Vector: -

Package Name: crossbeam-channel
Ecosystem: rust
Vulnerable Versions: < 0.4.3
First Patched Version: 0.4.3

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stemmed from using `mem::zeroed()` to initialize values of generic types. GitHub PR #458 specifically replaced `mem::zeroed()` with `MaybeUninit` in these locations. The Channel constructor and the `Block::new` functions directly handled user-supplied types `T` and contained the unsafe zero-initialization pattern described in the advisory. The array flavor implementation was identified as the affected component from the vulnerability description and the linked fix.
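An added example, not taken from crossbeam-channel or PR #458: a hypothetical single-slot buffer `Slot<T>` that holds a user-supplied `T` in `MaybeUninit` storage, with the pre-fix `mem::zeroed()` form noted in a comment. All type and method names are assumptions made for illustration.

```rust
use std::mem::MaybeUninit;

/// Hypothetical single-slot buffer (illustration only, not crossbeam-channel's code).
/// The unsound pre-fix pattern would be `value: unsafe { std::mem::zeroed() }`,
/// which fabricates an all-zero `T`: invalid when `T` is `&U`, `Box<U>` and similar.
pub struct Slot<T> {
    value: MaybeUninit<T>, // storage with no validity requirement until written
    full: bool,            // true only while `value` holds an initialized `T`
}

impl<T> Slot<T> {
    pub fn new() -> Self {
        Slot { value: MaybeUninit::uninit(), full: false }
    }

    /// Stores `v`; hands it back unchanged if the slot is already occupied.
    pub fn put(&mut self, v: T) -> Result<(), T> {
        if self.full { return Err(v); }
        self.value = MaybeUninit::new(v); // MaybeUninit has no Drop, so nothing is dropped here
        self.full = true;
        Ok(())
    }

    /// Moves the value out, leaving the slot logically uninitialized.
    pub fn take(&mut self) -> Option<T> {
        if !self.full { return None; }
        self.full = false;
        // SAFETY: `full` was true, so `put` initialized `value` and it has not been read since.
        Some(unsafe { self.value.assume_init_read() })
    }
}

impl<T> Drop for Slot<T> {
    fn drop(&mut self) {
        if self.full {
            // SAFETY: `full` guarantees the slot holds an initialized `T`.
            unsafe { self.value.assume_init_drop() }
        }
    }
}

fn main() {
    let text = String::from("non-null by construction"); // constructed sample value
    let mut slot: Slot<&str> = Slot::new(); // reference type: a zeroed `&str` would be invalid
    assert!(slot.put(text.as_str()).is_ok());
    assert_eq!(slot.take(), Some("non-null by construction"));
    assert_eq!(slot.take(), None);
}
```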

WAF Protection Rules

WAF Rule

Affected versions of this crate called `mem::zeroed()` to create values of a user-supplied type `T`. This is unsound e.g. if `T` is a reference type (which must be non-null). The flaw was corrected by avoiding the use of `mem::zeroed()`, using `May
