CVE-2021-26951

Severity CVSS v4.0:
Pending analysis
Type:
CWE-787 Out-of-bounds Write
Publication date:
09/02/2021
Last modified:
25/04/2022

Description

An issue was discovered in the calamine crate before 0.17.0 for Rust. It allows attackers to overwrite heap-memory locations because Vec::set_len is used without proper memory claiming, and this uninitialized memory is used for a user-provided Read operation, as demonstrated by Sectors::get.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:calamine_project:calamine:*:*:*:*:*:rust:*:* 0.17.0 (excluding)


References to Advisories, Solutions, and Tools