-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
The vulnerability documentation explicitly identifies InputStream::read_exact as the problematic function. The core issue is the use of an uninitialized buffer with the Read trait, which is strictly forbidden in Rust's safety model. Multiple sources (GitHub advisory, RustSec advisory, and original issue) consistently point to this specific function as the source of unsoundness. The function's behavior directly contradicts the Read trait's safety requirements documented in std::io::Read.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| buffoon | rust | <= 0.5.0 |
Ongoing coverage of React2Shell