cxx is vulnerable to Use of Uninitialized Variable
28
Low Risk
The let_cxx_string! macro in the cxx crate has an exception safety vulnerability where a StackString is created before the match expression evaluates, and if that expression panics, the uninitialized StackString's drop implementation unconditionally deinitializes uninitialized memory, causing segmentation faults. The fix is non-trivial because simply reordering initialization doesn't work—the init() method itself can panic when calling user-provided AsRef implementations, perpetuating the soundness issue.
You are affected if you are using a version that falls within the vulnerable range.
cxx is vulnerable to Use of Uninitialized Variable in versions 0.0.1 - 1.0.195.
Upgrade the cxx library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant