CWE-126
AllowedBuffer Over-read
Abstraction: Variant · Status: Draft
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
853 vulnerabilities reference this CWE, most recent first.
GHSA-CX43-QJ46-J7WR
Vulnerability from github – Published: 2022-04-08 00:00 – Updated: 2022-04-19 00:01A remote, authenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver and the CODESYS Control runtime system.
{
"affected": [],
"aliases": [
"CVE-2022-22519"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-07T19:15:00Z",
"severity": "MODERATE"
},
"details": "A remote, authenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver and the CODESYS Control runtime system.",
"id": "GHSA-cx43-qj46-j7wr",
"modified": "2022-04-19T00:01:33Z",
"published": "2022-04-08T00:00:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22519"
},
{
"type": "WEB",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17094\u0026token=2fb188e2213c74194e81ba61ff99f1c68602ba4d\u0026download="
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CXCM-VGV2-MQ4G
Vulnerability from github – Published: 2024-01-02 06:30 – Updated: 2024-01-02 06:30Transient DOS in WLAN Firmware while parsing a BTM request.
{
"affected": [],
"aliases": [
"CVE-2023-33062"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-02T06:15:10Z",
"severity": "HIGH"
},
"details": "Transient DOS in WLAN Firmware while parsing a BTM request.",
"id": "GHSA-cxcm-vgv2-mq4g",
"modified": "2024-01-02T06:30:30Z",
"published": "2024-01-02T06:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33062"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CXVV-P2XR-R2M8
Vulnerability from github – Published: 2023-09-04 18:30 – Updated: 2023-09-04 18:30Buffer Over-read in GitHub repository gpac/gpac prior to 2.3-DEV.
{
"affected": [],
"aliases": [
"CVE-2023-4758"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-04T16:15:08Z",
"severity": "MODERATE"
},
"details": "Buffer Over-read in GitHub repository gpac/gpac prior to 2.3-DEV.",
"id": "GHSA-cxvv-p2xr-r2m8",
"modified": "2023-09-04T18:30:25Z",
"published": "2023-09-04T18:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4758"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/commit/193633b1648582444fc99776cd741d7ba0125e86"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/2f496261-1090-45ac-bc89-cc93c82090d6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-F2W3-QVQC-X7RQ
Vulnerability from github – Published: 2024-09-10 18:30 – Updated: 2024-09-10 18:30Microsoft Windows Admin Center Information Disclosure Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-43475"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-10T17:15:35Z",
"severity": "HIGH"
},
"details": "Microsoft Windows Admin Center Information Disclosure Vulnerability",
"id": "GHSA-f2w3-qvqc-x7rq",
"modified": "2024-09-10T18:30:47Z",
"published": "2024-09-10T18:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43475"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43475"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F4P6-W7PH-5GQM
Vulnerability from github – Published: 2025-04-07 12:33 – Updated: 2025-04-07 12:33Transient DOS may occur while parsing SSID in action frames.
{
"affected": [],
"aliases": [
"CVE-2025-21448"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-07T11:15:53Z",
"severity": "HIGH"
},
"details": "Transient DOS may occur while parsing SSID in action frames.",
"id": "GHSA-f4p6-w7ph-5gqm",
"modified": "2025-04-07T12:33:19Z",
"published": "2025-04-07T12:33:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21448"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F4WH-W575-W6C3
Vulnerability from github – Published: 2024-08-05 15:30 – Updated: 2024-08-05 15:30Transient DOS while parsing probe response and assoc response frame when received frame length is less than max size of timestamp.
{
"affected": [],
"aliases": [
"CVE-2024-33026"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-05T15:15:52Z",
"severity": "HIGH"
},
"details": "Transient DOS while parsing probe response and assoc response frame when received frame length is less than max size of timestamp.",
"id": "GHSA-f4wh-w575-w6c3",
"modified": "2024-08-05T15:30:53Z",
"published": "2024-08-05T15:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33026"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F5RX-W2R6-VXR8
Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-10-08 00:00A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13344)
{
"affected": [],
"aliases": [
"CVE-2021-34308"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126",
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-13T11:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13344)",
"id": "GHSA-f5rx-w2r6-vxr8",
"modified": "2022-10-08T00:00:18Z",
"published": "2022-05-24T19:07:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34308"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-837"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-F8XC-GMQX-V9FH
Vulnerability from github – Published: 2026-05-14 15:31 – Updated: 2026-05-14 15:31Buffer over-read in PostgreSQL function pg_restore_attribute_stats() accepts array values of unmatched length, which causes query planning to read past end of one array. This allows a table maintainer to infer memory values past that array end. Within major version 18, minor versions before PostgreSQL 18.4 are affected. Versions before PostgreSQL 18 are unaffected.
{
"affected": [],
"aliases": [
"CVE-2026-6575"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-14T14:16:25Z",
"severity": "MODERATE"
},
"details": "Buffer over-read in PostgreSQL function pg_restore_attribute_stats() accepts array values of unmatched length, which causes query planning to read past end of one array. This allows a table maintainer to infer memory values past that array end. Within major version 18, minor versions before PostgreSQL 18.4 are affected. Versions before PostgreSQL 18 are unaffected.",
"id": "GHSA-f8xc-gmqx-v9fh",
"modified": "2026-05-14T15:31:58Z",
"published": "2026-05-14T15:31:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6575"
},
{
"type": "WEB",
"url": "https://www.postgresql.org/support/security/CVE-2026-6575"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-F9FC-826Q-M9W2
Vulnerability from github – Published: 2026-06-09 18:30 – Updated: 2026-06-09 18:30Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2026-42828"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-09T17:17:08Z",
"severity": "HIGH"
},
"details": "Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-f9fc-826q-m9w2",
"modified": "2026-06-09T18:30:43Z",
"published": "2026-06-09T18:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42828"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42828"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FF9Q-RM55-Q7QR
Vulnerability from github – Published: 2026-05-07 00:02 – Updated: 2026-05-07 00:02Summary
diesel-async exposes uninitialized stack padding to safe code on every read of a MySQL DATE, TIME, DATETIME, or TIMESTAMP column. Reading that buffer is undefined behavior, and the leaked bytes can contain stale heap/stack contents, so this is both a soundness bug and a potential information-disclosure vector.
Details
In diesel-async/src/mysql/row.rs (lines 65-103), MysqlRow::get builds a MysqlTime from the parsed mysql_async::Value and then fabricates the byte buffer that downstream FromSql impls expect like this:
let date = MysqlTime::new(/* fields from Value::Date / Value::Time */);
let buffer = unsafe {
let ptr = &date as *const MysqlTime as *const u8;
let slice = std::slice::from_raw_parts(ptr, std::mem::size_of::<MysqlTime>());
slice.to_vec()
};
MysqlTime is #[repr(C)] with 3 bytes of padding after bool neg (Linux x86_64, offsets 0x21..0x23). The literal construction leaves that padding uninitialized, and to_vec() carries it into a Vec<u8> that becomes the MysqlValue's backing buffer, reachable from safe code via MysqlValue::as_bytes() -> &[u8].
diesel itself avoids this by going through MaybeUninit::<MysqlTime>::zeroed() + ptr::copy_nonoverlapping (see diesel/src/mysql/value.rs:43-94); the same pattern would fix this. Alternatively, write the bytes diesel's FromSql reads without round-tripping through a MysqlTime value.
PoC
Cargo.toml:
[dependencies]
diesel = { version = "~2.3.0", default-features = false, features = ["mysql_backend"] }
diesel-async = { version = "=0.8.0", features = ["mysql"] }
mysql_common = { version = "0.35", default-features = false }
src/main.rs:
use diesel::row::{Field, Row};
use diesel_async::{AsyncConnectionCore, AsyncMysqlConnection};
use mysql_common::{constants::ColumnType, packets::Column, prelude::FromRow, value::Value};
type MysqlRow = <AsyncMysqlConnection as AsyncConnectionCore>::Row<'static, 'static>;
fn main() {
let cols = std::sync::Arc::from([Column::new(ColumnType::MYSQL_TYPE_DATE)]);
let raw = mysql_common::row::new_row(vec![Value::Date(2024, 1, 1, 0, 0, 0, 0)], cols);
let row: MysqlRow = FromRow::from_row(raw);
let field = row.get(0).unwrap();
let bytes = field.value().unwrap().as_bytes();
let _: u64 = bytes.iter().map(|&b| b as u64).sum(); // UB: hits padding
}
Miri output:
error: Undefined Behavior: reading memory at alloc844[0x21..0x22], but memory is uninitialized at [0x21..0x22], and this operation requires initialized memory
--> src/main.rs:14:37
|
14 | let _: u64 = bytes.iter().map(|&b| b as u64).sum(); // UB: hits padding
| ^ Undefined Behavior occurred here
|
= help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
= help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
= note: stack backtrace:
0: main::{closure#0}
at src/main.rs:14:37: 14:38
1: std::iter::adapters::map::map_fold::<&u8, u64, u64, {closure@src/main.rs:14:35: 14:39}, {closure@<u64 as std::iter::Sum>::sum<std::iter::Map<std::slice::Iter<'_, u8>, {closure@src/main.rs:14:35: 14:39}>>::{closure#0}}>::{closure#0}
at /home/paolobarbolini/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/iter/adapters/map.rs:88:28: 88:34
2: <std::slice::Iter<'_, u8> as std::iter::Iterator>::fold::<u64, {closure@std::iter::adapters::map::map_fold<&u8, u64, u64, {closure@src/main.rs:14:35: 14:39}, {closure@<u64 as std::iter::Sum>::sum<std::iter::Map<std::slice::Iter<'_, u8>, {closure@src/main.rs:14:35: 14:39}>>::{closure#0}}>::{closure#0}}>
at /home/paolobarbolini/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/slice/iter/macros.rs:279:27: 279:85
3: <std::iter::Map<std::slice::Iter<'_, u8>, {closure@src/main.rs:14:35: 14:39}> as std::iter::Iterator>::fold::<u64, {closure@<u64 as std::iter::Sum>::sum<std::iter::Map<std::slice::Iter<'_, u8>, {closure@src/main.rs:14:35: 14:39}>>::{closure#0}}>
at /home/paolobarbolini/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/iter/adapters/map.rs:128:9: 128:50
4: <u64 as std::iter::Sum>::sum::<std::iter::Map<std::slice::Iter<'_, u8>, {closure@src/main.rs:14:35: 14:39}>>
at /home/paolobarbolini/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/iter/traits/accum.rs:52:17: 56:18
5: <std::iter::Map<std::slice::Iter<'_, u8>, {closure@src/main.rs:14:35: 14:39}> as std::iter::Iterator>::sum::<u64>
at /home/paolobarbolini/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/iter/traits/iterator.rs:3676:9: 3676:23
6: main
at src/main.rs:14:18: 14:55
Uninitialized memory occurred at alloc844[0x21..0x22], in this allocation:
alloc844 (Rust heap, size: 48, align: 1) {
0x00 │ e8 07 00 00 01 00 00 00 01 00 00 00 00 00 00 00 │ ................
0x10 │ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 │ ................
0x20 │ 00 __ __ __ 01 00 00 00 00 00 00 00 __ __ __ __ │ .░░░........░░░░
}
Impact
Soundness bug in safe API surface of diesel-async's MySQL backend. Affects every user of AsyncMysqlConnection whose queries return a temporal column.
AI disclosure: this issue was found via Claude Code running Claude Opus 4.7.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "diesel-async"
},
"ranges": [
{
"events": [
{
"introduced": "0.1.0"
},
{
"fixed": "0.9.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-07T00:02:22Z",
"nvd_published_at": null,
"severity": "LOW"
},
"details": "### Summary\n\ndiesel-async exposes uninitialized stack padding to safe code on every read of a MySQL `DATE`, `TIME`, `DATETIME`, or `TIMESTAMP` column. Reading that buffer is undefined behavior, and the leaked bytes can contain stale heap/stack contents, so this is both a soundness bug and a potential information-disclosure vector.\n\n### Details\n\nIn `diesel-async/src/mysql/row.rs` (lines 65-103), `MysqlRow::get` builds a `MysqlTime` from the parsed `mysql_async::Value` and then fabricates the byte buffer that downstream `FromSql` impls expect like this:\n\n```rust\nlet date = MysqlTime::new(/* fields from Value::Date / Value::Time */);\nlet buffer = unsafe {\n let ptr = \u0026date as *const MysqlTime as *const u8;\n let slice = std::slice::from_raw_parts(ptr, std::mem::size_of::\u003cMysqlTime\u003e());\n slice.to_vec()\n};\n```\n\n`MysqlTime` is `#[repr(C)]` with 3 bytes of padding after `bool neg` (Linux x86_64, offsets 0x21..0x23). The literal construction leaves that padding uninitialized, and `to_vec()` carries it into a `Vec\u003cu8\u003e` that becomes the `MysqlValue`\u0027s backing buffer, reachable from safe code via `MysqlValue::as_bytes() -\u003e \u0026[u8]`.\n\n`diesel` itself avoids this by going through `MaybeUninit::\u003cMysqlTime\u003e::zeroed()` + `ptr::copy_nonoverlapping` (see `diesel/src/mysql/value.rs:43-94`); the same pattern would fix this. Alternatively, write the bytes diesel\u0027s `FromSql` reads without round-tripping through a `MysqlTime` value.\n\n### PoC\n\n`Cargo.toml`:\n```toml\n[dependencies]\ndiesel = { version = \"~2.3.0\", default-features = false, features = [\"mysql_backend\"] }\ndiesel-async = { version = \"=0.8.0\", features = [\"mysql\"] }\nmysql_common = { version = \"0.35\", default-features = false }\n```\n\n`src/main.rs`:\n```rust\nuse diesel::row::{Field, Row};\nuse diesel_async::{AsyncConnectionCore, AsyncMysqlConnection};\nuse mysql_common::{constants::ColumnType, packets::Column, prelude::FromRow, value::Value};\n\ntype MysqlRow = \u003cAsyncMysqlConnection as AsyncConnectionCore\u003e::Row\u003c\u0027static, \u0027static\u003e;\n\nfn main() {\n let cols = std::sync::Arc::from([Column::new(ColumnType::MYSQL_TYPE_DATE)]);\n let raw = mysql_common::row::new_row(vec![Value::Date(2024, 1, 1, 0, 0, 0, 0)], cols);\n let row: MysqlRow = FromRow::from_row(raw);\n\n let field = row.get(0).unwrap();\n let bytes = field.value().unwrap().as_bytes();\n let _: u64 = bytes.iter().map(|\u0026b| b as u64).sum(); // UB: hits padding\n}\n```\n\nMiri output:\n\n```\nerror: Undefined Behavior: reading memory at alloc844[0x21..0x22], but memory is uninitialized at [0x21..0x22], and this operation requires initialized memory\n --\u003e src/main.rs:14:37\n |\n14 | let _: u64 = bytes.iter().map(|\u0026b| b as u64).sum(); // UB: hits padding\n | ^ Undefined Behavior occurred here\n |\n = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior\n = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information\n = note: stack backtrace:\n 0: main::{closure#0}\n at src/main.rs:14:37: 14:38\n 1: std::iter::adapters::map::map_fold::\u003c\u0026u8, u64, u64, {closure@src/main.rs:14:35: 14:39}, {closure@\u003cu64 as std::iter::Sum\u003e::sum\u003cstd::iter::Map\u003cstd::slice::Iter\u003c\u0027_, u8\u003e, {closure@src/main.rs:14:35: 14:39}\u003e\u003e::{closure#0}}\u003e::{closure#0}\n at /home/paolobarbolini/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/iter/adapters/map.rs:88:28: 88:34\n 2: \u003cstd::slice::Iter\u003c\u0027_, u8\u003e as std::iter::Iterator\u003e::fold::\u003cu64, {closure@std::iter::adapters::map::map_fold\u003c\u0026u8, u64, u64, {closure@src/main.rs:14:35: 14:39}, {closure@\u003cu64 as std::iter::Sum\u003e::sum\u003cstd::iter::Map\u003cstd::slice::Iter\u003c\u0027_, u8\u003e, {closure@src/main.rs:14:35: 14:39}\u003e\u003e::{closure#0}}\u003e::{closure#0}}\u003e\n at /home/paolobarbolini/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/slice/iter/macros.rs:279:27: 279:85\n 3: \u003cstd::iter::Map\u003cstd::slice::Iter\u003c\u0027_, u8\u003e, {closure@src/main.rs:14:35: 14:39}\u003e as std::iter::Iterator\u003e::fold::\u003cu64, {closure@\u003cu64 as std::iter::Sum\u003e::sum\u003cstd::iter::Map\u003cstd::slice::Iter\u003c\u0027_, u8\u003e, {closure@src/main.rs:14:35: 14:39}\u003e\u003e::{closure#0}}\u003e\n at /home/paolobarbolini/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/iter/adapters/map.rs:128:9: 128:50\n 4: \u003cu64 as std::iter::Sum\u003e::sum::\u003cstd::iter::Map\u003cstd::slice::Iter\u003c\u0027_, u8\u003e, {closure@src/main.rs:14:35: 14:39}\u003e\u003e\n at /home/paolobarbolini/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/iter/traits/accum.rs:52:17: 56:18\n 5: \u003cstd::iter::Map\u003cstd::slice::Iter\u003c\u0027_, u8\u003e, {closure@src/main.rs:14:35: 14:39}\u003e as std::iter::Iterator\u003e::sum::\u003cu64\u003e\n at /home/paolobarbolini/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/iter/traits/iterator.rs:3676:9: 3676:23\n 6: main\n at src/main.rs:14:18: 14:55\n\nUninitialized memory occurred at alloc844[0x21..0x22], in this allocation:\nalloc844 (Rust heap, size: 48, align: 1) {\n 0x00 \u2502 e8 07 00 00 01 00 00 00 01 00 00 00 00 00 00 00 \u2502 ................\n 0x10 \u2502 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \u2502 ................\n 0x20 \u2502 00 __ __ __ 01 00 00 00 00 00 00 00 __ __ __ __ \u2502 .\u2591\u2591\u2591........\u2591\u2591\u2591\u2591\n}\n```\n\n### Impact\n\nSoundness bug in safe API surface of `diesel-async`\u0027s MySQL backend. Affects every user of `AsyncMysqlConnection` whose queries return a temporal column.\n\nAI disclosure: this issue was found via Claude Code running Claude Opus 4.7.",
"id": "GHSA-ff9q-rm55-q7qr",
"modified": "2026-05-07T00:02:22Z",
"published": "2026-05-07T00:02:22Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/diesel-rs/diesel_async/security/advisories/GHSA-ff9q-rm55-q7qr"
},
{
"type": "WEB",
"url": "https://github.com/diesel-rs/diesel_async/commit/18f2c861c51b4a5f23a20bd749eba13737b9e4aa"
},
{
"type": "PACKAGE",
"url": "https://github.com/diesel-rs/diesel_async"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "diesel-async may expose uninitialized padding bytes for MySQL temporal columns"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.