CVE-2020-36443
CRITICAL
libp2p-deflate < 0.27.1 - Use of Uninitialized Resource via AsyncRead::poll_read()
Title source: llm
Description
An issue was discovered in the libp2p-deflate crate before 0.27.1 for Rust. An uninitialized buffer is passed to AsyncRead::poll_read(), which is a user-provided trait function.
References (2)
Core References
Third Party Advisory x_refsource_misc
https://rustsec.org/advisories/RUSTSEC-2020-0123.html
Third Party Advisory x_refsource_misc
https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/libp2p-deflate/RUSTSEC-2020-0123.md
Scores
CVSS v3
9.8
EPSS
0.0123
EPSS Percentile
65.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-908
Status
published
Products (2)
crates.io/libp2p-deflate
0 - 0.27.1
crates.io
libp2p/libp2p-deflate
< 0.27.1
Published
Aug 08, 2021
Tracked Since
Feb 18, 2026