CVE-2021-29934 - OpenCVE

An issue was discovered in PartialReader in the uu_od crate before 0.0.4 for Rust. Attackers can read the contents of uninitialized memory locations via a user-provided Read operation.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Uu Od Project	Uu Od

Configuration 1 [-]

cpe:2.3:a:uu_od_project:uu_od:*:*:*:*:*:rust:*:*

References

Link	Resource
https://rustsec.org/advisories/RUSTSEC-2021-0043.html	Exploit Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-04-01T04:24:14

Updated: 2021-04-01T04:24:14

Reserved: 2021-04-01T00:00:00

Link: CVE-2021-29934

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-04-01T05:15:14.530

Modified: 2022-04-25T20:26:10.367

Link: CVE-2021-29934

JSON object: View

Redhat Information

No data.

CWE

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:uu_od_project:uu_od:*:*:*:*:*:rust:*:*", "matchCriteriaId": "96618D90-AEF2-4BAC-9950-2C60F8108024", "versionEndExcluding": "0.0.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in PartialReader in the uu_od crate before 0.0.4 for Rust. Attackers can read the contents of uninitialized memory locations via a user-provided Read operation."}, {"lang": "es", "value": "Se detect\u00f3 un problema en la funci\u00f3n PartialReader en la crate uu_od versiones anteriores a 0.0.4 para Rust. Los atacantes pueden leer el contenido de ubicaciones de la memoria no inicializada por medio de una operaci\u00f3n de Lectura proporcionada por el usuario."}], "id": "CVE-2021-29934", "lastModified": "2022-04-25T20:26:10.367", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-04-01T05:15:14.530", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "https://rustsec.org/advisories/RUSTSEC-2021-0043.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-908"}], "source": "nvd@nist.gov", "type": "Primary"}]}