Lucene search

GitHub Advisory DatabaseGHSA-M3WW-7HRP-GW9W

HistoryAug 25, 2021 - 8:47 p.m.

Drop of uninitialized memory in Ozone

2021-08-2520:47:41

CWE-119

CWE-908

GitHub Advisory Database

github.com

ozone crate

rust

memory safety

software

vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

60.7%

JSON

An issue was discovered in the ozone crate through version 0.1.0 for Rust. Memory safety is violated because of the dropping of uninitialized memory.

Affected configurations

Vulners

Node

ozone_projectozoneRange≤0.1.0rust

VendorProductVersionCPE
ozone_projectozone*cpe:2.3:a:ozone_project:ozone:*:*:*:*:*:rust:*:*

Vendor	Product	Version	CPE
ozone_project	ozone	*	cpe:2.3:a:ozone_project:ozone::::::rust::*

References

github.com/advisories/GHSA-m3ww-7hrp-gw9w

nvd.nist.gov/vuln/detail/CVE-2020-35878

rustsec.org/advisories/RUSTSEC-2020-0022.html

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

60.7%

JSON

Related for GHSA-M3WW-7HRP-GW9W