RUSTSEC-2019-0021

See a problem?
Please try reporting it to the source first.

Source

https://rustsec.org/advisories/RUSTSEC-2019-0021

Import Source

https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2019-0021.json

JSON Data

https://api.osv.dev/v1/vulns/RUSTSEC-2019-0021

Aliases

CVE-2019-16880
GHSA-j52m-489x-v634

Published

2019-09-14T12:00:00Z

Modified

2023-11-08T04:01:22.077424Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

`Matrix::zip_elements` causes double free

Details

Affected versions of this crate did not properly implements the Matrix::zip_elements method, which causes an double free when the given trait implementation might panic.

This allows an attacker to corrupt or take control of the memory.

The flaw was corrected by Phosphorus15.

Database specific

{
    "license": "CC0-1.0"
}

References

Affected packages

crates.io / linea

Package

Name: linea; View open source insights on deps.dev
Purl: pkg:cargo/linea

Affected ranges

Type: SEMVER
Events: Introduced

0.0.0-0

Fixed

0.9.5-0

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [],
        "arch": []
    }
}

Database specific

{
    "cvss": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "informational": null,
    "categories": [
        "memory-corruption"
    ]
}