CVE-2020-36210: Free of uninitialized memory in autorand

August 25, 2021

An issue was discovered in the autorand crate before 0.2.3 for Rust. Because of impl Random on arrays, uninitialized memory can be dropped when a panic occurs, leading to memory corruption.

References

github.com/advisories/GHSA-cgmg-2v6m-fjg7
github.com/mersinvald/autorand-rs
github.com/mersinvald/autorand-rs/issues/5
nvd.nist.gov/vuln/detail/CVE-2020-36210
rustsec.org/advisories/RUSTSEC-2020-0103.html

Code Behaviors & Features

Detect and mitigate CVE-2020-36210 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →