CVE-2019-16144
Published 2019-09-09

CVE-2019-16144: An issue was discovered in the generator crate before 0.6.18 for Rust. Uninitialized memory is used by Scope, done, and yield_ during API calls.
Priority P335 high 7.5 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.64% (73.3th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| generator-rs_project | generator-rs | < 0.6.18 | 0.6.18 |
| php_formmail | generator | >= 0 < 0.6.18 | 0.6.18 |
| php_formmail | generator | >= 0.0.0-0 < 0.6.18 | 0.6.18 |
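CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |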
OSV
Uninitialized memory use in generator
osv·2021-08-25
CVE-2019-16144 [HIGH] Uninitialized memory use in generator
An issue was discovered in the generator crate before 0.6.18 for Rust. Uninitialized memory is used by Scope, done, and yield_ during API calls.
GHSA
Uninitialized memory use in generator
ghsa·2021-08-25
CVE-2019-16144 [HIGH] CWE-908 Uninitialized memory use in generator
An issue was discovered in the generator crate before 0.6.18 for Rust. Uninitialized memory is used by Scope, done, and yield_ during API calls.
OSV
fix unsound APIs that could lead to UB
osv·2019-09-06
CVE-2019-16144 fix unsound APIs that could lead to UB
Affected versions of this crate could use uninitialized memory with some APIs in special
cases, such as using the API in a non-generator context. This could lead to undefined behavior (UB).
The flaw was corrected by
This patch fixes all those issues above.
No detection rules found.
No public exploits indexed.
Published: 2019-09-09