CVE-2021-31919

HIGH

rkyv < 0.6.0 - Missing Initialization of Resource

Title source: llm
STIX 2.1

Description

An issue was discovered in the rkyv crate before 0.6.0 for Rust. When an archive is created via serialization, the archive content may contain uninitialized values of certain parts of a struct.

References (1)

Core 1
Core References
Third Party Advisory x_refsource_misc
https://rustsec.org/advisories/RUSTSEC-2021-0054.html

Scores

CVSS v3 7.5
EPSS 0.0108
EPSS Percentile 60.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-909
Status published
Products (2)
crates.io/rkyv 0 - 0.6.0crates.io
rkyv_project/rkyv < 0.6.0
Published Apr 30, 2021
Tracked Since Feb 18, 2026