RUSTSEC-2019-0018

Source
https://rustsec.org/advisories/RUSTSEC-2019-0018
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2019-0018.json
JSON Data
https://api.osv.dev/v1/vulns/RUSTSEC-2019-0018
Aliases
Published
2019-09-02T12:00:00Z
Modified
2023-11-08T04:01:16.345435Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Internally mutating methods take immutable ref self
Details

Affected versions of this crate exposed several methods which took self by immutable reference, despite the requesting the RenderDoc API to set a mutable value internally.

This is technically unsound and calling these methods from multiple threads without synchronization could lead to unexpected and unpredictable behavior.

The flaw was corrected in release 0.5.0.

Database specific
{
    "license": "CC0-1.0"
}
References

Affected packages

crates.io / renderdoc

Package

Affected ranges

Type
SEMVER
Events
Introduced
0.0.0-0
Fixed
0.5.0

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [
            "renderdoc::api::RenderDocV110::trigger_multi_frame_capture",
            "renderdoc::api::RenderDocV120::set_capture_file_comments"
        ],
        "arch": []
    }
}

Database specific

{
    "cvss": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "informational": null,
    "categories": []
}