RUSTSEC-2020-0047

See a problem?
Please try reporting it to the source first.

Source

https://rustsec.org/advisories/RUSTSEC-2020-0047

Import Source

https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2020-0047.json

JSON Data

https://api.osv.dev/v1/vulns/RUSTSEC-2020-0047

Aliases

CVE-2020-35900
GHSA-75cq-g75g-rxff

Published

2020-09-26T12:00:00Z

Modified

2023-11-08T04:03:38.302446Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

array_queue pop_back() may cause a use-after-free

Details

array_queue implements a circular queue that wraps around an array. However, it fails to properly index into the array in the pop_back function allowing the reading of previously dropped or uninitialized memory.

Database specific

{
    "license": "CC0-1.0"
}

References

Affected packages

crates.io / array-queue

Package

Name: array-queue; View open source insights on deps.dev
Purl: pkg:cargo/array-queue

Affected ranges

Type: SEMVER
Events: Introduced

0.3.0

Ecosystem specific

{
    "affects": {
        "arch": [],
        "functions": [],
        "os": []
    },
    "affected_functions": null
}

Database specific

{
    "informational": null,
    "cvss": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
    "categories": []
}