-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| crossbeam-channel | rust | < 0.4.3 | 0.4.3 |
The vulnerability stemmed from using mem::zeroed() to initialize generic types. The GitHub PR #458 specifically replaced mem::zeroed() with MaybeUninit in these locations. The Channel constructor and Block::new functions were directly handling user-supplied types T and contained the unsafe zero-initialization pattern described in the advisory. The array flavor implementation was identified as the affected component through the vulnerability description and linked fix.
Ongoing coverage of React2Shell