RUSTSEC-2020-0045

See a problem?
Please try reporting it to the source first.

Source

https://rustsec.org/advisories/RUSTSEC-2020-0045

Import Source

https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2020-0045.json

JSON Data

https://api.osv.dev/v1/vulns/RUSTSEC-2020-0045

Aliases

CVE-2020-35898
GHSA-hhw2-pqhf-vmx2

Published

2020-01-08T12:00:00Z

Modified

2023-11-08T04:03:38.175676Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVSS Calculator

Summary

bespoke Cell implementation allows obtaining several mutable references to the same data

Details

The custom implementation of a Cell primitive in the affected versions of this crate does not keep track of mutable references to the underlying data.

This allows obtaining several mutable references to the same object which may result in arbitrary memory corruption, most likely use-after-free.

The flaw was corrected by switching from a bespoke Cell<T> implementation to Rc<RefCell<T>>.

Database specific

{
    "license": "CC0-1.0"
}

References

Affected packages

crates.io / actix-utils

Package

Name: actix-utils; View open source insights on deps.dev
Purl: pkg:cargo/actix-utils

Affected ranges

Type: SEMVER
Events: Introduced

0.0.0-0

Fixed

2.0.0

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [],
        "arch": []
    }
}

Database specific

{
    "cvss": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
    "informational": "unsound",
    "categories": [
        "memory-corruption"
    ]
}