CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

An issue was discovered in the zeroize_derive crate before 1.1.1 for Rust. Dropped memory is not zeroed out for an enum.

**RUSTSEC-2021-0115**

#[zeroize(drop)] doesn't implement Drop for enums

Issued

September 24, 2021

Package

zeroize\_derive (crates.io)

Type

Vulnerability

Details

https://github.com/iqlusioninc/crates/issues/876

Patched

*   >=1.1.1

**Description**

Affected versions of this crate did not implement Drop when #[zeroize(drop)] was used on an enum.

This can result in memory not being zeroed out after dropping it, which is exactly what is intended when adding this attribute.

The flaw was corrected in version 1.2 and #[zeroize(drop)] on enums now properly implements Drop.

Headline

CVE-2021-45706: `#[zeroize(drop)]` doesn't implement `Drop` for `enum`s › RustSec Advisory Database

CVE: Latest News