RUSTSEC-2020-0146

Source
https://rustsec.org/advisories/RUSTSEC-2020-0146
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2020-0146.json
JSON Data
https://api.osv.dev/v1/vulns/RUSTSEC-2020-0146
Aliases
Published
2020-04-09T12:00:00Z
Modified
2023-11-01T04:53:15.708157Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
arr! macro erases lifetimes
Details

Affected versions of this crate allowed unsoundly extending lifetimes using arr! macro. This may result in a variety of memory corruption scenarios, most likely use-after-free.

References

Affected packages

crates.io / generic-array

Package

Name
generic-array
View open source insights on deps.dev
Purl
pkg:cargo/generic-array

Affected ranges

Type
SEMVER
Events
Introduced
0.8.0
Fixed
0.8.4
Introduced
0.9.0
Fixed
0.9.1
Introduced
0.10.0
Fixed
0.10.1
Introduced
0.11.0
Fixed
0.11.2
Introduced
0.12.0
Fixed
0.12.4
Introduced
0.13.0
Fixed
0.13.3

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [],
        "arch": []
    }
}

Database specific

{
    "cvss": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "informational": null,
    "categories": [
        "memory-corruption"
    ]
}