Vulnerabilities > CVE-2020-36210 - Use of Uninitialized Resource vulnerability in Autorand Project Autorand

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

autorand-project

CWE-908

NVD

Published: 2021-01-26

Updated: 2021-07-21

Summary

An issue was discovered in the autorand crate before 0.2.3 for Rust. Because of impl Random on arrays, uninitialized memory can be dropped when a panic occurs, leading to memory corruption.

Vulnerable Configurations

Part	Description	Count
Application	Autorand_Project Autorand Project Autorand - Autorand Project Autorand 0.1.1 Autorand Project Autorand 0.2.0 Autorand Project Autorand 0.2.1 Autorand Project Autorand 0.2.2	5

Common Weakness Enumeration (CWE)

CWE-908 - Use of Uninitialized Resource

References

https://rustsec.org/advisories/RUSTSEC-2020-0103.html