Lucene search

[email protected]CVE-2020-25791

HistorySep 19, 2020 - 9:15 p.m.

CVE-2020-25791

2020-09-1921:15:00

CWE-129

[email protected]

web.nvd.nist.gov

sized-chunks

rust

cve-2020-25791

security

vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

49.2%

JSON

An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with unit().

CPENameOperatorVersion
sized-chunks_project:sized-chunkssized-chunks project sized-chunksle0.6.2

CPE	Name	Operator	Version
sized-chunks_project:sized-chunks	sized-chunks project sized-chunks	le	0.6.2

References

github.com/bodil/sized-chunks/issues/11

rustsec.org/advisories/RUSTSEC-2020-0041.html

Social References

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

49.2%

JSON

Related for CVE-2020-25791

cvelist1 debiancve1 cbl_mariner1 prion1 ubuntucve1 github1 osv13 rustsec1 photon1