If your @rustlang code uses std::mem::uninitialized() and can panic while referencing uninitialized memory, it's a potential security vulnerability: https://twitter.com/RustSec/status/1151587254990602240 …
-
Asking around about it a bit more
-
There's some speculation this is potentially RCE (via deref coercion + dropping uninitialized memory). Still waiting for someone to open a PR with a writeup. When they do, I can link you if you're interested.
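
The hazard discussed in this thread, shown from the mitigation side as an added example (not code from the thread or from RustSec): partially initialized storage is held as `MaybeUninit`, and a drop guard releases only the slots already written if a constructor panics, so unwinding never runs a destructor on uninitialized memory. `Tracked`, `Guard`, `build` and `demo_panic_midway` are names constructed for this illustration.

```rust
use std::mem::MaybeUninit;
use std::panic::{catch_unwind, AssertUnwindSafe};
use std::sync::atomic::{AtomicUsize, Ordering};

// Constructed for this demo: counts destructor runs so cleanup is observable.
static DROPS: AtomicUsize = AtomicUsize::new(0);
struct Tracked(String);
impl Drop for Tracked {
    fn drop(&mut self) { DROPS.fetch_add(1, Ordering::SeqCst); }
}

// On unwind, drops only the slots that were actually written.
struct Guard<'a, const N: usize> { slots: &'a mut [MaybeUninit<Tracked>; N], init: usize }
impl<const N: usize> Drop for Guard<'_, N> {
    fn drop(&mut self) {
        for slot in &mut self.slots[..self.init] {
            // SAFETY: every slot below `init` was written and not moved out.
            unsafe { slot.assume_init_drop() };
        }
    }
}

// Builds `[Tracked; N]` from a closure that may panic part-way through.
fn build<const N: usize>(mut make: impl FnMut(usize) -> String) -> [Tracked; N] {
    let mut slots: [MaybeUninit<Tracked>; N] = std::array::from_fn(|_| MaybeUninit::uninit());
    let mut guard = Guard { slots: &mut slots, init: 0 };
    for i in 0..N {
        let value = Tracked(make(i)); // may panic; the guard cleans up earlier slots
        guard.slots[i].write(value);
        guard.init = i + 1;
    }
    std::mem::forget(guard); // fully initialized: ownership passes to the result
    // SAFETY: the loop above wrote all N elements.
    slots.map(|s| unsafe { s.assume_init() })
}

// Returns (destructors run, whether the build panicked) for a failure at index 2.
fn demo_panic_midway() -> (usize, bool) {
    DROPS.store(0, Ordering::SeqCst);
    let result = catch_unwind(AssertUnwindSafe(|| {
        let _arr: [Tracked; 4] = build(|i| {
            if i == 2 { panic!("constructed failure at index 2"); }
            format!("item-{i}")
        });
    }));
    (DROPS.load(Ordering::SeqCst), result.is_err())
}

fn main() { println!("{:?}", demo_panic_midway()); }
```

With `std::mem::uninitialized()` the array would have had type `[Tracked; 4]` from the start, and the same panic would have run `Drop` on all four elements, including the two that were never written.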