RUSTSEC-2021-0022
- Source
- https://rustsec.org/advisories/RUSTSEC-2021-0022
- Import Source
- https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2021-0022.json
- JSON Data
- https://api.osv.dev/v1/vulns/RUSTSEC-2021-0022
- Aliases
-
- CVE-2021-27377
- GHSA-9658-c26v-7qvf
- Published
- 2021-02-09T12:00:00Z
- Modified
- 2023-11-08T04:05:24.490347Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Use-after-free in `subscript_next` and `subscript_prev` wrappers
- Details
-
Affected versions of this crate had an unsound implementation which could pass a pointer to freed memory to
ydb_subscript_next_standydb_subscript_prev_stif the variable and subscripts did not have enough memory allocated on the first call to hold the next variable in the database.For example, the following code had undefined behavior:
let mut key = Key::variable(String::from("a")); Key::variable("averylongkeywithlotsofletters") .set_st(YDB_NOTTP, Vec::new(), b"some val") .unwrap(); key.sub_next_self_st(YDB_NOTTP, Vec::new()).unwrap();yottadbhas no reverse-dependencies on crates.io and there are no known instances of this API being used incorrectly in practice. The fix is backwards compatible.The flaw was corrected by recalculating the pointer each time it was reallocated.
- Database specific
{ "license": "CC0-1.0" }- References
Affected packages
crates.io / yottadb
Package
- Name
- yottadb
- View open source insights on deps.dev
- Purl
- pkg:cargo/yottadb