RUSTSEC-2020-0023

See a problem?
Please try reporting it to the source first.

Source

https://rustsec.org/advisories/RUSTSEC-2020-0023

Import Source

https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2020-0023.json

JSON Data

https://api.osv.dev/v1/vulns/RUSTSEC-2020-0023

Aliases

CVE-2020-35879
GHSA-q2gj-9r85-p832

Published

2020-02-11T12:00:00Z

Modified

2023-11-08T04:03:37.134824Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Lifetime boundary for `raw_slice` and `raw_slice_mut` are incorrect

Details

The affected version of rulinalg has incorrect lifetime boundary definitions for RowMut::raw_slice and RowMut::raw_slice_mut. They do not conform with Rust's borrowing rule and allows the user to create multiple mutable references to the same location. This may result in unexpected calculation result and data race if both references are used at the same time.

Database specific

{
    "license": "CC0-1.0"
}

References

Affected packages

crates.io / rulinalg

Package

Name: rulinalg; View open source insights on deps.dev
Purl: pkg:cargo/rulinalg

Affected ranges

Type: SEMVER
Events: Introduced

0.4.0

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [
            "rulinalg::matrix::RowMut::raw_slice",
            "rulinalg::matrix::RowMut::raw_slice_mut"
        ],
        "arch": []
    }
}

Database specific

{
    "cvss": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "informational": null,
    "categories": []
}