CVE-2020-25016

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-25016

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25016.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-25016

Aliases

Related

UBUNTU-CVE-2020-25016

Published

2020-08-29T16:15:09Z

Modified

2024-09-18T03:09:06.510144Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

A safety violation was discovered in the rgb crate before 0.8.20 for Rust, leading to (for example) dereferencing of arbitrary pointers or disclosure of uninitialized memory. This occurs because structs can be treated as bytes for read and write operations.

References

Affected packages

Debian:11 / rust-rgb

Package

Name: rust-rgb
Purl: pkg:deb/debian/rust-rgb?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.8.11-1

0.8.36-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / rust-rgb

Package

Name: rust-rgb
Purl: pkg:deb/debian/rust-rgb?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.8.36-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / rust-rgb

Package

Name: rust-rgb
Purl: pkg:deb/debian/rust-rgb?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.8.36-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}