GHSA-6wp2-fw3v-mfmc

Опубликовано: 25 авг. 2021

Источник: github

Github: Прошло ревью

CVSS3: 9.8

Описание

Memory corruption in array-tools

An issue was discovered in the array-tools crate before 0.3.2 for Rust. Affected versions of this crate don't guard against panics, so that partially uninitialized buffer is dropped when user-provided T::clone() panics in FixedCapacityDequeLike<T, A>::clone(). This causes memory corruption.

Ссылки

Пакеты

Наименование

array-tools

rust

Затронутые версииВерсия исправления

< 0.3.2

0.3.2

EPSS

Процентиль: 69%

0.00607

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2020-36452

Дефекты

CWE-908

CWE-909

Связанные уязвимости

CVE-2020-36452

CVSS3: 9.8

nvd

больше 4 лет назад

An issue was discovered in the array-tools crate before 0.3.2 for Rust. FixedCapacityDequeLike::clone() has a drop of uninitialized memory.

EPSS

Процентиль: 69%

0.00607

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2020-36452

Дефекты

CWE-908

CWE-909