RUSTSEC-2020-0048

Source
https://rustsec.org/advisories/RUSTSEC-2020-0048
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2020-0048.json
JSON Data
https://api.osv.dev/v1/vulns/RUSTSEC-2020-0048
Aliases
Published
2020-01-24T12:00:00Z
Modified
2023-11-08T04:03:38.366013Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Use-after-free in BodyStream due to lack of pinning
Details

Affected versions of this crate did not require the buffer wrapped in BodyStream to be pinned, but treated it as if it had a fixed location in memory. This may result in a use-after-free.

The flaw was corrected by making the trait MessageBody require Unpin and making poll_next() function accept Pin<&mut Self> instead of &mut self.

Database specific
{
    "license": "CC0-1.0"
}
References

Affected packages

crates.io / actix-http

Package

Affected ranges

Type
SEMVER
Events
Introduced
0.0.0-0
Fixed
2.0.0-alpha.1

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [],
        "arch": []
    }
}

Database specific

{
    "cvss": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "informational": null,
    "categories": [
        "memory-corruption"
    ]
}