CVE-2021-31919

HIGH

rkyv <0.6.0 - Memory Corruption

Title source: llm

Description

An issue was discovered in the rkyv crate before 0.6.0 for Rust. When an archive is created via serialization, the archive content may contain uninitialized values of certain parts of a struct.

References (1)

[Third Party Advisory] https://rustsec.org/advisories/RUSTSEC-2021-0054.html

Scores

CVSS v3 7.5

EPSS 0.0035

EPSS Percentile 57.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-909

Status published

Products (2)

crates.io/rkyv 0 - 0.6.0crates.io

rkyv_project/rkyv < 0.6.0

Published Apr 30, 2021

Tracked Since Feb 18, 2026