Critical severity9.8NVD Advisory· Published Feb 9, 2021· Updated Jun 17, 2026
CVE-2021-26951
CVE-2021-26951
Description
An issue was discovered in the calamine crate before 0.17.0 for Rust. It allows attackers to overwrite heap-memory locations because Vec::set_len is used without proper memory claiming, and this uninitialized memory is used for a user-provided Read operation, as demonstrated by Sectors::get.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
calaminecrates.io | < 0.17.0 | 0.17.0 |
Affected products
2- Rust/calaminedescription
Patches
Vulnerability mechanics
References
4- rustsec.org/advisories/RUSTSEC-2021-0015.htmlnvdExploitVendor AdvisoryWEB
- github.com/advisories/GHSA-ppqp-78xx-3r38ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-26951ghsaADVISORY
- github.com/tafia/calamine/issues/199ghsaWEB
News mentions
0No linked articles in our index yet.