GHSA-cgmg-2v6m-fjg7

Опубликовано: 25 авг. 2021

Источник: github

Github: Прошло ревью

CVSS3: 7.8

Описание

Free of uninitialized memory in autorand

An issue was discovered in the autorand crate before 0.2.3 for Rust. Because of impl Random on arrays, uninitialized memory can be dropped when a panic occurs, leading to memory corruption.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2020-36210
https://github.com/mersinvald/autorand-rs/issues/5
https://rustsec.org/advisories/RUSTSEC-2020-0103.html

Пакеты

Наименование

autorand

rust

Затронутые версииВерсия исправления

< 0.2.3

0.2.3

EPSS

Процентиль: 20%

0.00065

Низкий

7.8 High

CVSS3

CVE ID

CVE-2020-36210

Дефекты

CWE-908

Связанные уязвимости

CVE-2020-36210

CVSS3: 7.8

nvd

около 5 лет назад

An issue was discovered in the autorand crate before 0.2.3 for Rust. Because of impl Random on arrays, uninitialized memory can be dropped when a panic occurs, leading to memory corruption.

EPSS

Процентиль: 20%

0.00065

Низкий

7.8 High

CVSS3

CVE ID

CVE-2020-36210

Дефекты

CWE-908