GHSA-wq8f-46ww-6c2h
Suggest an improvement- Source
- https://github.com/advisories/GHSA-wq8f-46ww-6c2h
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-wq8f-46ww-6c2h/GHSA-wq8f-46ww-6c2h.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-wq8f-46ww-6c2h
- Aliases
-
- CVE-2018-20989
- RUSTSEC-2018-0001
- Published
- 2021-08-25T20:43:49Z
- Modified
- 2023-11-08T04:00:13.244459Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Integer underflow in untrusted
- Details
-
A mistake in error handling in untrusted before 0.6.2 could lead to an integer underflow and panic if a user of the crate didn't properly check for errors returned by untrusted. Combination of these two programming errors (one in untrusted and another by user of this crate) could lead to a panic and maybe a denial of service of affected software. The error in untrusted is fixed in release 0.6.2 released 2018-06-21. It's also advisable that users of untrusted check for their sources for cases where errors returned by untrusted are not handled correctly.
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-191" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2021-08-19T21:24:20Z" }- References
Affected packages
crates.io / untrusted
Package
- Name
- untrusted
- View open source insights on deps.dev
- Purl
- pkg:cargo/untrusted