rustsec/advisory-db
1
0
Fork 0
mirror of https://github.com/rustsec/advisory-db.git synced 2025-12-27 01:54:07 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
advisory-db/crates/bitvec/RUSTSEC-2020-0007.md
Alexis Mousset 84c633df9c Update aliases from GHSA OSV export (#1693)
2023-06-13 15:10:24 +02:00

658 B
Raw Permalink Blame History 

[advisory]
id = "RUSTSEC-2020-0007"
package = "bitvec"
aliases = ["CVE-2020-35862", "GHSA-7cjc-hvxf-gqh7"]
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
categories = ["memory-corruption"]
date = "2020-03-27"
url = "https://github.com/myrrlyn/bitvec/issues/55"

[affected.functions]
"bitvec::vec::BitVec::into_boxed_bitslice" = ["< 0.17.4, >= 0.11.0"]

[versions]
patched = [">= 0.17.4"]
unaffected = ["< 0.11.0"]

use-after or double free of allocated memory

Conversion of BitVec to BitBox did not account for allocation movement.

The flaw was corrected by using the address after resizing, rather than the original base address.