{"id":"RUSTSEC-2019-0011","summary":"Flaw in offset_of and span_of causes SIGILL, drops uninitialized memory of arbitrary type on panic in client code","details":"Affected versions of this crate caused traps and/or memory unsafety by zero-initializing references.\nThey also could lead to uninitialized memory being dropped if the field for which the offset is requested was behind a deref coercion, and that deref coercion caused a panic.\n\nThe flaw was corrected by using `MaybeUninit`.","aliases":["CVE-2019-15553","GHSA-rh89-x75f-rh3c"],"modified":"2023-11-01T04:50:32.428333Z","published":"2019-07-16T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/memoffset"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2019-0011.html"},{"type":"REPORT","url":"https://github.com/Gilnaa/memoffset/issues/9#issuecomment-505461490"}],"affected":[{"package":{"name":"memoffset","ecosystem":"crates.io","purl":"pkg:cargo/memoffset"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.5.0"}]}],"ecosystem_specific":{"affected_functions":null,"affects":{"functions":[],"os":[],"arch":[]}},"database_specific":{"cvss":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","categories":[],"informational":"unsound","source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2019-0011.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}