N/A

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-hmx9-jm3v-33hv

EPSS Score

CWE

Published

6/16/2022

Updated

6/13/2023

KEV Status

Technology

Rust

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-hmx9-jm3v-33hv

GHSA-hmx9-jm3v-33hv: InputStream::read_exact : `Read` on uninitialized buffer causes UB

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer (memory exposure) and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory produces undefined values that can quickly invoke undefined behavior.

(GitHub Advisory)

N/A

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-hmx9-jm3v-33hv

EPSS Score

CWE

Published

6/16/2022

Updated

6/13/2023

KEV Status

Technology

Rust

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
buffoon	rust	<= 0.5.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability documentation explicitly identifies InputStream::read_exact as the problematic function. The core issue is the use of an uninitialized buffer with the Read trait, which is strictly forbidden in Rust's safety model. Multiple sources (GitHub advisory, RustSec advisory, and original issue) consistently point to this specific function as the source of unsoundness. The function's behavior directly contradicts the Read trait's safety requirements documented in std::io::Read.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*****t** v*rsions o* t*is *r*t* p*ss*s *n uniniti*liz** *u***r to * us*r-provi*** `R***` impl*m*nt*tion. *r*itr*ry `R***` impl*m*nt*tions **n r*** *rom t** uniniti*liz** *u***r (m*mory *xposur*) *n* *lso **n r*turn in*orr**t num**r o* *yt*s writt*n t

Reasoning

T** vuln*r**ility *o*um*nt*tion *xpli*itly i**nti*i*s InputStr**m::r***_*x**t *s t** pro*l*m*ti* *un*tion. T** *or* issu* is t** us* o* *n uniniti*liz** *u***r wit* t** R*** tr*it, w*i** is stri*tly *or*i***n in Rust's s***ty mo**l. Multipl* sour**s

N/A

Basic Information

Concerned about an active attack path?

GHSA-hmx9-jm3v-33hv: InputStream::read_exact : `Read` on uninitialized buffer causes UB

N/A

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI