We found results for “”
WS-2021-0065
Date: January 4, 2021
All versions of the crate 'endian_trait' are affected and does not guard against panic from user-provided impl of Endian trait, which is a safe trait that users can implement. If a user-provided implementation of the Endian trait panics, double-drop is triggered due to the duplicated ownership of T created by ptr::read(). Double-drop (or double free) can cause memory corruption in the heap. No patched version is available.
Language: RUST
Severity Score
Severity Score
Weakness Type (CWE)
Double Free
CWE-415CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | NONE |
Availability (A): | HIGH |