Vulnerabilities > CVE-2020-36443 - Use of Uninitialized Resource vulnerability in Libp2P Libp2P-Deflate

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

libp2p

CWE-908

NVD

Published: 2021-08-08

Updated: 2021-08-17

Summary

An issue was discovered in the libp2p-deflate crate before 0.27.1 for Rust. An uninitialized buffer is passed to AsyncRead::poll_read(), which is a user-provided trait function.

Vulnerable Configurations

Part	Description	Count
Application	Libp2P Libp2P Libp2P Deflate *	1

Common Weakness Enumeration (CWE)

CWE-908 - Use of Uninitialized Resource

References

https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/libp2p-deflate/RUSTSEC-2020-0123.md
https://rustsec.org/advisories/RUSTSEC-2020-0123.html