Common Weakness Enumeration

CWE-126

Allowed

Buffer Over-read

Abstraction: Variant · Status: Draft

The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

853 vulnerabilities reference this CWE, most recent first.

GHSA-CX43-QJ46-J7WR

Vulnerability from github – Published: 2022-04-08 00:00 – Updated: 2022-04-19 00:01
VLAI
Details

A remote, authenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver and the CODESYS Control runtime system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-22519"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-07T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A remote, authenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver and the CODESYS Control runtime system.",
  "id": "GHSA-cx43-qj46-j7wr",
  "modified": "2022-04-19T00:01:33Z",
  "published": "2022-04-08T00:00:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22519"
    },
    {
      "type": "WEB",
      "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17094\u0026token=2fb188e2213c74194e81ba61ff99f1c68602ba4d\u0026download="
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CXCM-VGV2-MQ4G

Vulnerability from github – Published: 2024-01-02 06:30 – Updated: 2024-01-02 06:30
VLAI
Details

Transient DOS in WLAN Firmware while parsing a BTM request.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-33062"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-02T06:15:10Z",
    "severity": "HIGH"
  },
  "details": "Transient DOS in WLAN Firmware while parsing a BTM request.",
  "id": "GHSA-cxcm-vgv2-mq4g",
  "modified": "2024-01-02T06:30:30Z",
  "published": "2024-01-02T06:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33062"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CXVV-P2XR-R2M8

Vulnerability from github – Published: 2023-09-04 18:30 – Updated: 2023-09-04 18:30
VLAI
Details

Buffer Over-read in GitHub repository gpac/gpac prior to 2.3-DEV.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-4758"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-04T16:15:08Z",
    "severity": "MODERATE"
  },
  "details": "Buffer Over-read in GitHub repository gpac/gpac prior to 2.3-DEV.",
  "id": "GHSA-cxvv-p2xr-r2m8",
  "modified": "2023-09-04T18:30:25Z",
  "published": "2023-09-04T18:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4758"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/commit/193633b1648582444fc99776cd741d7ba0125e86"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/2f496261-1090-45ac-bc89-cc93c82090d6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F2W3-QVQC-X7RQ

Vulnerability from github – Published: 2024-09-10 18:30 – Updated: 2024-09-10 18:30
VLAI
Details

Microsoft Windows Admin Center Information Disclosure Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-43475"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-10T17:15:35Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Windows Admin Center Information Disclosure Vulnerability",
  "id": "GHSA-f2w3-qvqc-x7rq",
  "modified": "2024-09-10T18:30:47Z",
  "published": "2024-09-10T18:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43475"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43475"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F4P6-W7PH-5GQM

Vulnerability from github – Published: 2025-04-07 12:33 – Updated: 2025-04-07 12:33
VLAI
Details

Transient DOS may occur while parsing SSID in action frames.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21448"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-07T11:15:53Z",
    "severity": "HIGH"
  },
  "details": "Transient DOS may occur while parsing SSID in action frames.",
  "id": "GHSA-f4p6-w7ph-5gqm",
  "modified": "2025-04-07T12:33:19Z",
  "published": "2025-04-07T12:33:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21448"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F4WH-W575-W6C3

Vulnerability from github – Published: 2024-08-05 15:30 – Updated: 2024-08-05 15:30
VLAI
Details

Transient DOS while parsing probe response and assoc response frame when received frame length is less than max size of timestamp.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-33026"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-05T15:15:52Z",
    "severity": "HIGH"
  },
  "details": "Transient DOS while parsing probe response and assoc response frame when received frame length is less than max size of timestamp.",
  "id": "GHSA-f4wh-w575-w6c3",
  "modified": "2024-08-05T15:30:53Z",
  "published": "2024-08-05T15:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33026"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F5RX-W2R6-VXR8

Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-10-08 00:00
VLAI
Details

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13344)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-34308"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126",
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-13T11:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13344)",
  "id": "GHSA-f5rx-w2r6-vxr8",
  "modified": "2022-10-08T00:00:18Z",
  "published": "2022-05-24T19:07:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34308"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-837"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F8XC-GMQX-V9FH

Vulnerability from github – Published: 2026-05-14 15:31 – Updated: 2026-05-14 15:31
VLAI
Details

Buffer over-read in PostgreSQL function pg_restore_attribute_stats() accepts array values of unmatched length, which causes query planning to read past end of one array. This allows a table maintainer to infer memory values past that array end. Within major version 18, minor versions before PostgreSQL 18.4 are affected. Versions before PostgreSQL 18 are unaffected.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-6575"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-14T14:16:25Z",
    "severity": "MODERATE"
  },
  "details": "Buffer over-read in PostgreSQL function pg_restore_attribute_stats() accepts array values of unmatched length, which causes query planning to read past end of one array.  This allows a table maintainer to infer memory values past that array end.  Within major version 18, minor versions before PostgreSQL 18.4 are affected.  Versions before PostgreSQL 18 are unaffected.",
  "id": "GHSA-f8xc-gmqx-v9fh",
  "modified": "2026-05-14T15:31:58Z",
  "published": "2026-05-14T15:31:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6575"
    },
    {
      "type": "WEB",
      "url": "https://www.postgresql.org/support/security/CVE-2026-6575"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F9FC-826Q-M9W2

Vulnerability from github – Published: 2026-06-09 18:30 – Updated: 2026-06-09 18:30
VLAI
Details

Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-42828"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-09T17:17:08Z",
    "severity": "HIGH"
  },
  "details": "Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.",
  "id": "GHSA-f9fc-826q-m9w2",
  "modified": "2026-06-09T18:30:43Z",
  "published": "2026-06-09T18:30:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42828"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42828"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FF9Q-RM55-Q7QR

Vulnerability from github – Published: 2026-05-07 00:02 – Updated: 2026-05-07 00:02
VLAI
Summary
diesel-async may expose uninitialized padding bytes for MySQL temporal columns
Details

Summary

diesel-async exposes uninitialized stack padding to safe code on every read of a MySQL DATE, TIME, DATETIME, or TIMESTAMP column. Reading that buffer is undefined behavior, and the leaked bytes can contain stale heap/stack contents, so this is both a soundness bug and a potential information-disclosure vector.

Details

In diesel-async/src/mysql/row.rs (lines 65-103), MysqlRow::get builds a MysqlTime from the parsed mysql_async::Value and then fabricates the byte buffer that downstream FromSql impls expect like this:

let date = MysqlTime::new(/* fields from Value::Date / Value::Time */);
let buffer = unsafe {
    let ptr = &date as *const MysqlTime as *const u8;
    let slice = std::slice::from_raw_parts(ptr, std::mem::size_of::<MysqlTime>());
    slice.to_vec()
};

MysqlTime is #[repr(C)] with 3 bytes of padding after bool neg (Linux x86_64, offsets 0x21..0x23). The literal construction leaves that padding uninitialized, and to_vec() carries it into a Vec<u8> that becomes the MysqlValue's backing buffer, reachable from safe code via MysqlValue::as_bytes() -> &[u8].

diesel itself avoids this by going through MaybeUninit::<MysqlTime>::zeroed() + ptr::copy_nonoverlapping (see diesel/src/mysql/value.rs:43-94); the same pattern would fix this. Alternatively, write the bytes diesel's FromSql reads without round-tripping through a MysqlTime value.

PoC

Cargo.toml:

[dependencies]
diesel = { version = "~2.3.0", default-features = false, features = ["mysql_backend"] }
diesel-async = { version = "=0.8.0", features = ["mysql"] }
mysql_common = { version = "0.35", default-features = false }

src/main.rs:

use diesel::row::{Field, Row};
use diesel_async::{AsyncConnectionCore, AsyncMysqlConnection};
use mysql_common::{constants::ColumnType, packets::Column, prelude::FromRow, value::Value};

type MysqlRow = <AsyncMysqlConnection as AsyncConnectionCore>::Row<'static, 'static>;

fn main() {
    let cols = std::sync::Arc::from([Column::new(ColumnType::MYSQL_TYPE_DATE)]);
    let raw = mysql_common::row::new_row(vec![Value::Date(2024, 1, 1, 0, 0, 0, 0)], cols);
    let row: MysqlRow = FromRow::from_row(raw);

    let field = row.get(0).unwrap();
    let bytes = field.value().unwrap().as_bytes();
    let _: u64 = bytes.iter().map(|&b| b as u64).sum(); // UB: hits padding
}

Miri output:

error: Undefined Behavior: reading memory at alloc844[0x21..0x22], but memory is uninitialized at [0x21..0x22], and this operation requires initialized memory
  --> src/main.rs:14:37
   |
14 |     let _: u64 = bytes.iter().map(|&b| b as u64).sum(); // UB: hits padding
   |                                     ^ Undefined Behavior occurred here
   |
   = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
   = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
   = note: stack backtrace:
           0: main::{closure#0}
               at src/main.rs:14:37: 14:38
           1: std::iter::adapters::map::map_fold::<&u8, u64, u64, {closure@src/main.rs:14:35: 14:39}, {closure@<u64 as std::iter::Sum>::sum<std::iter::Map<std::slice::Iter<'_, u8>, {closure@src/main.rs:14:35: 14:39}>>::{closure#0}}>::{closure#0}
               at /home/paolobarbolini/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/iter/adapters/map.rs:88:28: 88:34
           2: <std::slice::Iter<'_, u8> as std::iter::Iterator>::fold::<u64, {closure@std::iter::adapters::map::map_fold<&u8, u64, u64, {closure@src/main.rs:14:35: 14:39}, {closure@<u64 as std::iter::Sum>::sum<std::iter::Map<std::slice::Iter<'_, u8>, {closure@src/main.rs:14:35: 14:39}>>::{closure#0}}>::{closure#0}}>
               at /home/paolobarbolini/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/slice/iter/macros.rs:279:27: 279:85
           3: <std::iter::Map<std::slice::Iter<'_, u8>, {closure@src/main.rs:14:35: 14:39}> as std::iter::Iterator>::fold::<u64, {closure@<u64 as std::iter::Sum>::sum<std::iter::Map<std::slice::Iter<'_, u8>, {closure@src/main.rs:14:35: 14:39}>>::{closure#0}}>
               at /home/paolobarbolini/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/iter/adapters/map.rs:128:9: 128:50
           4: <u64 as std::iter::Sum>::sum::<std::iter::Map<std::slice::Iter<'_, u8>, {closure@src/main.rs:14:35: 14:39}>>
               at /home/paolobarbolini/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/iter/traits/accum.rs:52:17: 56:18
           5: <std::iter::Map<std::slice::Iter<'_, u8>, {closure@src/main.rs:14:35: 14:39}> as std::iter::Iterator>::sum::<u64>
               at /home/paolobarbolini/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/iter/traits/iterator.rs:3676:9: 3676:23
           6: main
               at src/main.rs:14:18: 14:55

Uninitialized memory occurred at alloc844[0x21..0x22], in this allocation:
alloc844 (Rust heap, size: 48, align: 1) {
    0x00 │ e8 07 00 00 01 00 00 00 01 00 00 00 00 00 00 00 │ ................
    0x10 │ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 │ ................
    0x20 │ 00 __ __ __ 01 00 00 00 00 00 00 00 __ __ __ __ │ .░░░........░░░░
}

Impact

Soundness bug in safe API surface of diesel-async's MySQL backend. Affects every user of AsyncMysqlConnection whose queries return a temporal column.

AI disclosure: this issue was found via Claude Code running Claude Opus 4.7.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "diesel-async"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.1.0"
            },
            {
              "fixed": "0.9.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-07T00:02:22Z",
    "nvd_published_at": null,
    "severity": "LOW"
  },
  "details": "### Summary\n\ndiesel-async exposes uninitialized stack padding to safe code on every read of a MySQL `DATE`, `TIME`, `DATETIME`, or `TIMESTAMP` column. Reading that buffer is undefined behavior, and the leaked bytes can contain stale heap/stack contents, so this is both a soundness bug and a potential information-disclosure vector.\n\n### Details\n\nIn `diesel-async/src/mysql/row.rs` (lines 65-103), `MysqlRow::get` builds a `MysqlTime` from the parsed `mysql_async::Value` and then fabricates the byte buffer that downstream `FromSql` impls expect like this:\n\n```rust\nlet date = MysqlTime::new(/* fields from Value::Date / Value::Time */);\nlet buffer = unsafe {\n    let ptr = \u0026date as *const MysqlTime as *const u8;\n    let slice = std::slice::from_raw_parts(ptr, std::mem::size_of::\u003cMysqlTime\u003e());\n    slice.to_vec()\n};\n```\n\n`MysqlTime` is `#[repr(C)]` with 3 bytes of padding after `bool neg` (Linux x86_64, offsets 0x21..0x23). The literal construction leaves that padding uninitialized, and `to_vec()` carries it into a `Vec\u003cu8\u003e` that becomes the `MysqlValue`\u0027s backing buffer, reachable from safe code via `MysqlValue::as_bytes() -\u003e \u0026[u8]`.\n\n`diesel` itself avoids this by going through `MaybeUninit::\u003cMysqlTime\u003e::zeroed()` + `ptr::copy_nonoverlapping` (see `diesel/src/mysql/value.rs:43-94`); the same pattern would fix this. Alternatively, write the bytes diesel\u0027s `FromSql` reads without round-tripping through a `MysqlTime` value.\n\n### PoC\n\n`Cargo.toml`:\n```toml\n[dependencies]\ndiesel = { version = \"~2.3.0\", default-features = false, features = [\"mysql_backend\"] }\ndiesel-async = { version = \"=0.8.0\", features = [\"mysql\"] }\nmysql_common = { version = \"0.35\", default-features = false }\n```\n\n`src/main.rs`:\n```rust\nuse diesel::row::{Field, Row};\nuse diesel_async::{AsyncConnectionCore, AsyncMysqlConnection};\nuse mysql_common::{constants::ColumnType, packets::Column, prelude::FromRow, value::Value};\n\ntype MysqlRow = \u003cAsyncMysqlConnection as AsyncConnectionCore\u003e::Row\u003c\u0027static, \u0027static\u003e;\n\nfn main() {\n    let cols = std::sync::Arc::from([Column::new(ColumnType::MYSQL_TYPE_DATE)]);\n    let raw = mysql_common::row::new_row(vec![Value::Date(2024, 1, 1, 0, 0, 0, 0)], cols);\n    let row: MysqlRow = FromRow::from_row(raw);\n\n    let field = row.get(0).unwrap();\n    let bytes = field.value().unwrap().as_bytes();\n    let _: u64 = bytes.iter().map(|\u0026b| b as u64).sum(); // UB: hits padding\n}\n```\n\nMiri output:\n\n```\nerror: Undefined Behavior: reading memory at alloc844[0x21..0x22], but memory is uninitialized at [0x21..0x22], and this operation requires initialized memory\n  --\u003e src/main.rs:14:37\n   |\n14 |     let _: u64 = bytes.iter().map(|\u0026b| b as u64).sum(); // UB: hits padding\n   |                                     ^ Undefined Behavior occurred here\n   |\n   = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior\n   = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information\n   = note: stack backtrace:\n           0: main::{closure#0}\n               at src/main.rs:14:37: 14:38\n           1: std::iter::adapters::map::map_fold::\u003c\u0026u8, u64, u64, {closure@src/main.rs:14:35: 14:39}, {closure@\u003cu64 as std::iter::Sum\u003e::sum\u003cstd::iter::Map\u003cstd::slice::Iter\u003c\u0027_, u8\u003e, {closure@src/main.rs:14:35: 14:39}\u003e\u003e::{closure#0}}\u003e::{closure#0}\n               at /home/paolobarbolini/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/iter/adapters/map.rs:88:28: 88:34\n           2: \u003cstd::slice::Iter\u003c\u0027_, u8\u003e as std::iter::Iterator\u003e::fold::\u003cu64, {closure@std::iter::adapters::map::map_fold\u003c\u0026u8, u64, u64, {closure@src/main.rs:14:35: 14:39}, {closure@\u003cu64 as std::iter::Sum\u003e::sum\u003cstd::iter::Map\u003cstd::slice::Iter\u003c\u0027_, u8\u003e, {closure@src/main.rs:14:35: 14:39}\u003e\u003e::{closure#0}}\u003e::{closure#0}}\u003e\n               at /home/paolobarbolini/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/slice/iter/macros.rs:279:27: 279:85\n           3: \u003cstd::iter::Map\u003cstd::slice::Iter\u003c\u0027_, u8\u003e, {closure@src/main.rs:14:35: 14:39}\u003e as std::iter::Iterator\u003e::fold::\u003cu64, {closure@\u003cu64 as std::iter::Sum\u003e::sum\u003cstd::iter::Map\u003cstd::slice::Iter\u003c\u0027_, u8\u003e, {closure@src/main.rs:14:35: 14:39}\u003e\u003e::{closure#0}}\u003e\n               at /home/paolobarbolini/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/iter/adapters/map.rs:128:9: 128:50\n           4: \u003cu64 as std::iter::Sum\u003e::sum::\u003cstd::iter::Map\u003cstd::slice::Iter\u003c\u0027_, u8\u003e, {closure@src/main.rs:14:35: 14:39}\u003e\u003e\n               at /home/paolobarbolini/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/iter/traits/accum.rs:52:17: 56:18\n           5: \u003cstd::iter::Map\u003cstd::slice::Iter\u003c\u0027_, u8\u003e, {closure@src/main.rs:14:35: 14:39}\u003e as std::iter::Iterator\u003e::sum::\u003cu64\u003e\n               at /home/paolobarbolini/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/iter/traits/iterator.rs:3676:9: 3676:23\n           6: main\n               at src/main.rs:14:18: 14:55\n\nUninitialized memory occurred at alloc844[0x21..0x22], in this allocation:\nalloc844 (Rust heap, size: 48, align: 1) {\n    0x00 \u2502 e8 07 00 00 01 00 00 00 01 00 00 00 00 00 00 00 \u2502 ................\n    0x10 \u2502 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \u2502 ................\n    0x20 \u2502 00 __ __ __ 01 00 00 00 00 00 00 00 __ __ __ __ \u2502 .\u2591\u2591\u2591........\u2591\u2591\u2591\u2591\n}\n```\n\n### Impact\n\nSoundness bug in safe API surface of `diesel-async`\u0027s MySQL backend. Affects every user of `AsyncMysqlConnection` whose queries return a temporal column.\n\nAI disclosure: this issue was found via Claude Code running Claude Opus 4.7.",
  "id": "GHSA-ff9q-rm55-q7qr",
  "modified": "2026-05-07T00:02:22Z",
  "published": "2026-05-07T00:02:22Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/diesel-rs/diesel_async/security/advisories/GHSA-ff9q-rm55-q7qr"
    },
    {
      "type": "WEB",
      "url": "https://github.com/diesel-rs/diesel_async/commit/18f2c861c51b4a5f23a20bd749eba13737b9e4aa"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/diesel-rs/diesel_async"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "diesel-async may expose uninitialized padding bytes for MySQL temporal columns"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.