RUSTSEC-2020-0157

See a problem?
Please try reporting it to the source first.

Source

https://rustsec.org/advisories/RUSTSEC-2020-0157

Import Source

https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2020-0157.json

JSON Data

https://api.osv.dev/v1/vulns/RUSTSEC-2020-0157

Aliases

Published

2020-06-02T12:00:00Z

Modified

2023-11-08T04:02:21.747761Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Improper Synchronization and Race Condition in vm-memory

Details

rust-vmm vm-memory before 0.1.1 and 0.2.x before 0.2.1 allows attackers to cause a denial of service (loss of IP networking) because readobj and writeobj do not properly access memory. This affects aarch64 (with musl or glibc) and x86_64 (with musl).

Database specific

{
    "license": "CC0-1.0"
}

References

Affected packages

crates.io / vm-memory

Package

Name: vm-memory; View open source insights on deps.dev
Purl: pkg:cargo/vm-memory

Affected ranges

Type: SEMVER
Events: Introduced

0.0.0-0

Fixed

0.1.1

Introduced

0.2.0-0

Fixed

0.2.1

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [],
        "arch": []
    }
}

Database specific

{
    "cvss": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "informational": null,
    "categories": [
        "memory-corruption"
    ]
}