Home > Vulnerability Database > CVE-2020-25016

Mend.io Vulnerability Database

CVE-2020-25016

Date: August 29, 2020

A safety violation was discovered in the rgb crate before 0.8.20 for Rust, leading to (for example) dereferencing of arbitrary pointers or disclosure of uninitialized memory. This occurs because structs can be treated as bytes for read and write operations.

Language: RUST

Severity Score

9.1

Related Resources (6)

Url: https://crates.io/crates/rgb

Url: https://rustsec.org/advisories/RUSTSEC-2020-0029.html

Url: https://github.com/kornelski/rust-rgb

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-25016

Url: https://github.com/kornelski/rust-rgb/issues/35

Url: https://www.mend.io/vulnerability-database/CVE-2020-25016

Severity Score

9.1

Weakness Type (CWE)

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-119

Insufficient Information

NVD-CWE-noinfo

Access of Resource Using Incompatible Type ('Type Confusion')

CWE-843

CVSS v3.1

Base Score:	9.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

CVSS v2

Base Score:	6.4
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-25016

Date: August 29, 2020

Language: RUST

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?