N/A

CVSS Score

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-hv9v-7w3v-rj6f

GHSA-hv9v-7w3v-rj6f: `Read` on uninitialized buffer in `fill_buf()` and `read_up_to()`

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation.

Arbitrary Read implementations can read from the uninitialized buffer (memory exposure) and also can return incorrect number of bytes written to the buffer.

Reading from uninitialized memory produces undefined values that can quickly invoke undefined behavior.

(GitHub Advisory)

Miggo Vulnerability Database

→

GHSA-hv9v-7w3v-rj6f

GHSA-hv9v-7w3v-rj6f:

N/A

CVSS Score

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
acc_reader	rust	<= 2.0.0

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

Both functions exhibit the same core vulnerability pattern: 1) Using Vec::set_len to expand buffer capacity without initializing memory 2) Passing the resulting uninitialized buffer slice to Read::read 3) Violating the Read trait's requirement that buffers must be initialized before reading. The code examples from lib.rs show direct unsafe buffer manipulation through set_len followed by passing the uninitialized &mut [u8] to user-controlled Read implementations, which matches the vulnerability description of memory exposure through uninitialized buffers.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

N/A

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-hv9v-7w3v-rj6f: `Read` on uninitialized buffer in `fill_buf()` and `read_up_to()`

GHSA-hv9v-7w3v-rj6f:

N/A

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

GHSA-hv9v-7w3v-rj6f: `Read` on uninitialized buffer in `fill_buf()` and `read_up_to()`

N/A

N/A

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI