RUSTSEC-2019-0021

Source
https://rustsec.org/advisories/RUSTSEC-2019-0021
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2019-0021.json
JSON Data
https://api.osv.dev/v1/vulns/RUSTSEC-2019-0021
Aliases
Published
2019-09-14T12:00:00Z
Modified
2023-11-08T04:01:22.077424Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
`Matrix::zip_elements` causes double free
Details

Affected versions of this crate did not properly implements the Matrix::zip_elements method, which causes an double free when the given trait implementation might panic.

This allows an attacker to corrupt or take control of the memory.

The flaw was corrected by Phosphorus15.

Database specific
{
    "license": "CC0-1.0"
}
References

Affected packages

crates.io / linea

Package

Affected ranges

Type
SEMVER
Events
Introduced
0.0.0-0
Fixed
0.9.5-0

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [],
        "arch": []
    }
}

Database specific

{
    "cvss": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "informational": null,
    "categories": [
        "memory-corruption"
    ]
}