VYPR
Critical severity · NVD Advisory · Published Dec 26, 2021 · Updated Aug 4, 2024

CVE-2021-45685

Description

An issue was discovered in the columnar crate through 2021-01-07 for Rust. ColumnarReadExt::read_typed_vec may read from uninitialized memory locations.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

The columnar crate's read_typed_vec function reads from uninitialized memory, causing undefined behavior.

Vulnerability

The ColumnarReadExt::read_typed_vec method in the columnar crate (versions through 2021-01-07) passes an uninitialized buffer to a user-provided Read implementation. This occurs when the method reserves capacity with vector.reserve(len) and then uses unsafe { vector.set_len(len); } without initializing the memory [3].

Exploitation

An attacker who can supply a custom Read implementation to read_typed_vec() can read data from uninitialized memory, leading to exposure of sensitive information or creation of undefined values. The function is reachable from safe Rust code when a user passes a Read instance that does not properly handle uninitialized buffers [3].

Impact

Successful exploitation results in reading from uninitialized memory, which can produce undefined values and lead to undefined behavior (UB). This may cause information disclosure or memory corruption [4].

Mitigation

As of the last available references, no patched version of the columnar crate has been released. Workarounds include zero-initializing the buffer before calling read() or avoiding the use of read_typed_vec() with untrusted Read implementations [3][4].
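The pattern described above and the zero-initialising workaround, as an added Rust example written for this page (not the columnar crate's own code): a simplified `Vec<u8>` stand-in for the reserve/set_len sequence, beside the hardened form, exercised with a constructed `Read` implementation that inspects the buffer it is handed.

```rust
use std::io::{self, Read};

/// Stand-in for the defective pattern described in the advisory: reserve,
/// `set_len` without initialising, then hand the buffer to a caller-supplied
/// `Read`. Defined for contrast only and never invoked, because running it
/// is undefined behaviour.
#[allow(dead_code)]
fn read_vec_uninit<R: Read>(reader: &mut R, len: usize) -> io::Result<Vec<u8>> {
    let mut vector: Vec<u8> = Vec::new();
    vector.reserve(len);
    // UB: `vector[..len]` was never written, yet it is now exposed as an
    // initialised `&mut [u8]` to arbitrary code inside `reader`.
    unsafe { vector.set_len(len); }
    reader.read_exact(&mut vector[..])?;
    Ok(vector)
}

/// Hardened form (the zero-initialising workaround): the buffer is fully
/// written before the caller's `Read` sees it, so a misbehaving reader can
/// observe nothing but zeros.
fn read_vec_zeroed<R: Read>(reader: &mut R, len: usize) -> io::Result<Vec<u8>> {
    let mut vector = vec![0u8; len];
    reader.read_exact(&mut vector[..])?;
    Ok(vector)
}

/// Constructed `Read` implementation that breaks the contract by copying the
/// buffer it was handed before writing to it. Against the uninitialised
/// variant, `seen` would capture whatever stale heap bytes were there.
struct SnoopingReader { seen: Vec<u8>, fill: u8 }

impl Read for SnoopingReader {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
        self.seen.extend_from_slice(buf); // inspect before overwriting
        for b in buf.iter_mut() { *b = self.fill; }
        Ok(buf.len())
    }
}

/// Runs the hardened reader; returns (bytes the reader observed, result).
fn demo(len: usize) -> (Vec<u8>, Vec<u8>) {
    let mut r = SnoopingReader { seen: Vec::new(), fill: 0xAB };
    let out = read_vec_zeroed(&mut r, len).expect("read failed");
    (r.seen, out)
}

fn main() {
    let (seen, out) = demo(8);
    println!("reader observed {:?}, returned {:?}", seen, out);
}
```

With the zeroed buffer the snooping reader can only ever observe zeros; the same reader against `read_vec_uninit` would have been handed whatever the allocator left in memory.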

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: columnar (crates.io)
Affected versions: <= 0.0.19
Patched versions: none listed

Affected products: 3

Patches: 0 (no patches discovered yet)

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References: 5

News mentions: 0 (no linked articles in our index yet)