CVE-2018-20992

MEDIUM

claxon < 0.4.1 - Uninitialized Memory Exposure via Decode Buffer Mishandling

Title source: llm
STIX 2.1

Description

An issue was discovered in the claxon crate before 0.4.1 for Rust. Uninitialized memory can be exposed because certain decode buffer sizes are mishandled.

References (1)

Core 1
Core References
Patch, Third Party Advisory x_refsource_misc
https://rustsec.org/advisories/RUSTSEC-2018-0004.html

Scores

CVSS v3 6.5
EPSS 0.0137
EPSS Percentile 68.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE
CWE-908
Status published
Products (3)
claxon_project/claxon 0.4.0
claxon_project/claxon 0.2.0 - 0.3.1
crates.io/claxon 0.4.0 - 0.4.1crates.io
Published Aug 26, 2019
Tracked Since Feb 18, 2026