GHSA-72r2-rg28-47v9: `read` on uninitialized buffer may cause UB (bite::read::BiteReadExpandedExt::read_framed_max)

June 16, 2022 (updated June 13, 2023)

Affected versions of this crate calls a user provided Read implementation on an uninitialized buffer. Read on uninitialized buffer is defined as undefined behavior in Rust.

References

github.com/advisories/GHSA-72r2-rg28-47v9
github.com/hinaria/bite
github.com/hinaria/bite/issues/1
rustsec.org/advisories/RUSTSEC-2020-0153.html

Code Behaviors & Features

Detect and mitigate GHSA-72r2-rg28-47v9 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →