Uninitialized Buffer Vulnerability in libp2p-deflate Crate

Uninitialized Buffer Vulnerability in libp2p-deflate Crate

CVE-2020-36443 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An issue was discovered in the libp2p-deflate crate before 0.27.1 for Rust. An uninitialized buffer is passed to AsyncRead::poll_read(), which is a user-provided trait function.

Learn more about our User Device Pen Test.