CVE-2020-35711

Опубликовано: 25 дек. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

An issue has been discovered in the arc-swap crate before 0.4.8 (and 1.x before 1.1.0) for Rust. Use of arc_swap::access::Map with the Constant test helper (or with a user-supplied implementation of the Access trait) could sometimes lead to dangling references being returned by the map.

Ссылки

https://github.com/vorner/arc-swap/issues/45
Exploit
Patch
Third Party Advisory
https://rustsec.org/advisories/RUSTSEC-2020-0091.html
Third Party Advisory
https://github.com/vorner/arc-swap/issues/45
Exploit
Patch
Third Party Advisory
https://rustsec.org/advisories/RUSTSEC-2020-0091.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:arc-swap_project:arc-swap:*:*:*:*:*:*:*:*

Версия до 0.4.8 (исключая)

cpe:2.3:a:arc-swap_project:arc-swap:*:*:*:*:*:*:*:*

Версия от 1.0.0 (включая) до 1.1.0 (исключая)

EPSS

Процентиль: 55%

0.00328

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2020-35711

CVSS3: 7.5

ubuntu

около 5 лет назад

CVE-2020-35711

CVSS3: 7.5

debian

около 5 лет назад

An issue has been discovered in the arc-swap crate before 0.4.8 (and 1 ...

GHSA-9pqx-g3jh-qpqq

CVSS3: 7.5

github

больше 3 лет назад

Dangling reference in `access::Map` with Constant

EPSS

Процентиль: 55%

0.00328

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo