If your @rustlang code uses std::mem::uninitialized() and can panic while referencing uninitialized memory, it's a potential security vulnerability:https://twitter.com/RustSec/status/1151587254990602240 …
As far as I can tell it's just a null dereference or a ud2 at worst right now, not uninitialized memory reads.
-
-
We’ve discovered some potential memory disclosure vulnerabilities and will update the advisory accordingly
-
Here is where we see memory disclosure potential. WDYT? https://github.com/Gilnaa/memoffset/issues/9#issuecomment-505472124 …
- 6 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.