CVE-2020-13759

Опубликовано: 02 июн. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

rust-vmm vm-memory before 0.1.1 and 0.2.x before 0.2.1 allows attackers to cause a denial of service (loss of IP networking) because read_obj and write_obj do not properly access memory. This affects aarch64 (with musl or glibc) and x86_64 (with musl).

Ссылки

https://github.com/rust-vmm/vm-memory/issues/93
Technical Description
https://github.com/rust-vmm/vm-memory/releases/tag/v0.1.1
Release Notes
Third Party Advisory
https://github.com/rust-vmm/vm-memory/releases/tag/v0.2.1
Release Notes
Third Party Advisory
https://github.com/rust-vmm/vm-memory/issues/93
Technical Description
https://github.com/rust-vmm/vm-memory/releases/tag/v0.1.1
Release Notes
Third Party Advisory
https://github.com/rust-vmm/vm-memory/releases/tag/v0.2.1
Release Notes
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:vm-memory_project:vm-memory:*:*:*:*:*:*:*:*

Версия до 0.1.1 (исключая)

cpe:2.3:a:vm-memory_project:vm-memory:*:*:*:*:*:*:*:*

Версия от 0.2.0 (включая) до 0.2.1 (исключая)

EPSS

Процентиль: 59%

0.00385

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-362

Связанные уязвимости

GHSA-mm4m-qg48-f7wc