CVE-2021-26951

Опубликовано: 09 фев. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

An issue was discovered in the calamine crate before 0.17.0 for Rust. It allows attackers to overwrite heap-memory locations because Vec::set_len is used without proper memory claiming, and this uninitialized memory is used for a user-provided Read operation, as demonstrated by Sectors::get.

Ссылки

https://rustsec.org/advisories/RUSTSEC-2021-0015.html
Exploit
Vendor Advisory
https://rustsec.org/advisories/RUSTSEC-2021-0015.html
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:calamine_project:calamine:*:*:*:*:*:rust:*:*

Версия до 0.17.0 (исключая)

EPSS

Процентиль: 66%

0.00504

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-787

Связанные уязвимости

GHSA-ppqp-78xx-3r38