`temporary` makes use of uninitialized memory

Moderate severity GitHub Reviewed Published Aug 11, 2022 to the GitHub Advisory Database • Updated Jun 13, 2023

Package

cargo temporary (Rust)

Affected versions

>= 0.3.0, < 0.6.4

Patched versions

0.6.4

Description

Uninitialized memory is used as an RNG seed in `temporary`. This has been resolved in the 0.6.4 release. The crate is not intended to be used outside of a testing environment. For a general-purpose crate to create temporary directories, `tempfile` is an alternative to this crate.
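
The bug class described above, with a sound way to seed a name generator using only the standard library. This is an added example, not code from the `temporary` crate or its 0.6.4 fix; `fresh_seed`, `XorShift64` and `temp_name` are hypothetical names, and the commented-out line is a constructed illustration of reading an uninitialized seed.

```rust
use std::collections::hash_map::RandomState;
use std::hash::{BuildHasher, Hasher};

// Unsound pattern of the kind the advisory describes (kept as a comment):
//     let seed: u64 = unsafe { std::mem::MaybeUninit::uninit().assume_init() };
// Reading uninitialized memory is undefined behaviour, not a source of entropy:
// the compiler may assume it never happens and the value may be constant.

/// Sound replacement: each `RandomState` is randomly keyed by the standard
/// library, so an empty hash under a fresh instance is an initialized,
/// per-call-distinct u64.
fn fresh_seed() -> u64 {
    RandomState::new().build_hasher().finish()
}

/// Small xorshift64 generator (shift triple 13, 7, 17); adequate for test
/// directory names, not for secrets.
struct XorShift64(u64);

impl XorShift64 {
    fn new(seed: u64) -> Self {
        // xorshift never leaves the all-zero state, so remap a zero seed.
        XorShift64(if seed == 0 { 0x9E37_79B9_7F4A_7C15 } else { seed })
    }

    fn next_u64(&mut self) -> u64 {
        let mut x = self.0;
        x ^= x << 13;
        x ^= x >> 7;
        x ^= x << 17;
        self.0 = x;
        x
    }
}

/// Builds "<prefix>.<12 random characters>" for a temporary directory name.
fn temp_name(prefix: &str, rng: &mut XorShift64) -> String {
    const ALPHABET: &[u8] = b"abcdefghijklmnopqrstuvwxyz0123456789";
    let suffix: String = (0..12)
        .map(|_| ALPHABET[(rng.next_u64() % ALPHABET.len() as u64) as usize] as char)
        .collect();
    format!("{}.{}", prefix, suffix)
}

fn main() {
    let mut rng = XorShift64::new(fresh_seed());
    println!("{}", temp_name("test", &mut rng));
}
```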

References

Published to the GitHub Advisory Database Aug 11, 2022
Reviewed Aug 11, 2022
Last updated Jun 13, 2023

Severity

Moderate

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-2jq9-6xx7-3h29