Lucene search

[email protected]CVE-2020-36203

HistoryJan 26, 2021 - 6:15 p.m.

CVE-2020-36203

2021-01-2618:15:55

CWE-787

CWE-362

[email protected]

web.nvd.nist.gov

issue

reffers crate

rust

data race

memory corruption

cve-2020-36203

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:N/A:P

4.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

4.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.8%

JSON

An issue was discovered in the reffers crate through 2020-12-01 for Rust. ARefss can contain a !Send,!Sync object, leading to a data race and memory corruption.

Affected configurations

NVD

Node

reffers_projectreffersRange≤2020-12-01rust

CPENameOperatorVersion
reffers_project:reffersreffers project reffersle2020-12-01

CPE	Name	Operator	Version
reffers_project:reffers	reffers project reffers	le	2020-12-01

References

rustsec.org/advisories/RUSTSEC-2020-0094.html

Social References

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:N/A:P

4.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

4.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.8%

JSON

Related for CVE-2020-36203

rustsec1 osv2 nvd1 prion1 cvelist1 github1