CWE-908
Use of Uninitialized Resource
Description
The product uses or accesses a resource that has not been initialized.
CVEs mapped to this weakness (209)
Page 10 of 11

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-36432 | | | 0.00 | — | 0.01 | | Aug 8, 2021 | An issue was discovered in the alg_ds crate through 2020-08-25 for Rust. There is a drop of uninitialized memory in Matrix::new(). |
| CVE-2020-36443 | | | 0.00 | — | 0.01 | | Aug 8, 2021 | An issue was discovered in the libp2p-deflate crate before 0.27.1 for Rust. An uninitialized buffer is passed to AsyncRead::poll_read(), which is a user-provided trait function. |
| CVE-2020-36452 | | | 0.00 | — | 0.01 | | Aug 8, 2021 | An issue was discovered in the array-tools crate before 0.3.2 for Rust. FixedCapacityDequeLike::clone() has a drop of uninitialized memory. |
| CVE-2021-23386 | | | 0.00 | — | 0.01 | | May 20, 2021 | This affects the package dns-packet before 5.2.2. It creates buffers with allocUnsafe and does not always fill them before forming network packets. This can expose internal application memory over unencrypted network when querying crafted invalid domain names. |
| CVE-2021-29580 | | | 0.00 | — | 0.00 | | May 14, 2021 | TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.FractionalMaxPoolGrad` triggers an undefined behavior if one of the input tensors is empty. The code is also vulnerable to a denial of service attack as a `CHECK` condition… |
| CVE-2021-29581 | | | 0.00 | — | 0.00 | | May 14, 2021 | TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in `tf.raw_ops.CTCBeamSearchDecoder`, an attacker can trigger denial of service via segmentation faults. The implementation(https://github.com/tensorflow/tensorflow/blob/a74768f8e4efb… |
| CVE-2021-31919 | | | 0.00 | — | 0.01 | | Apr 30, 2021 | An issue was discovered in the rkyv crate before 0.6.0 for Rust. When an archive is created via serialization, the archive content may contain uninitialized values of certain parts of a struct. |
| CVE-2021-29936 | | | 0.00 | — | 0.01 | | Apr 1, 2021 | An issue was discovered in the adtensor crate through 2021-01-11 for Rust. There is a drop of uninitialized memory via the FromIterator implementation for Vector and Matrix. |
| CVE-2021-29937 | | | 0.00 | — | 0.01 | | Apr 1, 2021 | An issue was discovered in the telemetry crate through 2021-02-17 for Rust. There is a drop of uninitialized memory if a value.clone() call panics within misc::vec_with_size(). |
| CVE-2021-28030 | | | 0.00 | — | 0.01 | | Mar 5, 2021 | An issue was discovered in the truetype crate before 0.30.1 for Rust. Attackers can read the contents of uninitialized memory locations via a user-provided Read operation within Tape::take_bytes. |
| CVE-2021-28035 | | | 0.00 | — | 0.01 | | Mar 5, 2021 | An issue was discovered in the stack_dst crate before 0.6.1 for Rust. Because of the push_inner behavior, a drop of uninitialized memory can occur upon a val.clone() panic. |
| CVE-2021-28033 | | | 0.00 | — | 0.01 | | Mar 5, 2021 | An issue was discovered in the byte_struct crate before 0.6.1 for Rust. There can be a drop of uninitialized memory if a certain deserialization method panics. |
| CVE-2021-28029 | | | 0.00 | — | 0.01 | | Mar 5, 2021 | An issue was discovered in the toodee crate before 0.3.0 for Rust. The row-insertion feature allows attackers to read the contents of uninitialized memory locations. |
| CVE-2021-26952 | | | 0.00 | — | 0.02 | | Feb 9, 2021 | An issue was discovered in the ms3d crate before 0.1.3 for Rust. It might allow attackers to obtain sensitive information from uninitialized memory locations via IoReader::read. |
| CVE-2021-26953 | | | 0.00 | — | 0.01 | | Feb 9, 2021 | An issue was discovered in the postscript crate before 0.14.0 for Rust. It might allow attackers to obtain sensitive information from uninitialized memory locations via a user-provided Read implementation. |
| CVE-2021-26305 | | | 0.00 | — | 0.02 | | Jan 29, 2021 | An issue was discovered in Deserializer::read_vec in the cdr crate before 0.2.4 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated heap memory, violating soundness. |
| CVE-2021-26308 | | | 0.00 | — | 0.01 | | Jan 29, 2021 | An issue was discovered in the marc crate before 2.0.0 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated memory, violating soundness. |
| CVE-2020-36210 | | | 0.00 | — | 0.00 | | Jan 22, 2021 | An issue was discovered in the autorand crate before 0.2.3 for Rust. Because of impl Random on arrays, uninitialized memory can be dropped when a panic occurs, leading to memory corruption. |
| CVE-2021-25905 | | | 0.00 | — | 0.02 | | Jan 22, 2021 | An issue was discovered in the bra crate before 0.1.1 for Rust. It lacks soundness because it can read uninitialized memory. |
| CVE-2020-35878 | | | 0.00 | — | 0.02 | | Dec 31, 2020 | An issue was discovered in the ozone crate through 2020-07-04 for Rust. Memory safety is violated because of the dropping of uninitialized memory. |