Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-PPQP-78XX-3R38
HistoryAug 25, 2021 - 8:53 p.m.

Out of bounds write in calamine

2021-08-2520:53:25
CWE-787
GitHub Advisory Database
github.com
11
calamine crate
rust
out of bounds write
vec::set_len
heap-memory
uninitialized memory
user-provided read
sectors::get

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.005

Percentile

76.7%

JSON

An issue was discovered in the calamine crate before 0.17.0 for Rust. It allows attackers to overwrite heap-memory locations because Vec::set_len is used without proper memory claiming, and this uninitialized memory is used for a user-provided Read operation, as demonstrated by Sectors::get.

Affected configurations

Vulners
Node
calamine_projectcalamineRange<0.17.0rust
VendorProductVersionCPE
calamine_projectcalamine*cpe:2.3:a:calamine_project:calamine:*:*:*:*:*:rust:*:*

Related

cvelist 1
cve 1
prion 1
osv 3
rustsec 1
nvd 1
cvelist
cvelist
CVE-2021-26951
2021-02-09 22:07:49
cve
cve
CVE-2021-26951
2021-02-09 23:15:13
prion
prion
Design/Logic Flaw
2021-02-09 23:15:00
osv
osv
`Sectors::get` accesses unclaimed/uninitialized memory
2021-01-06 12:00:00
Out of bounds write in calamine
2021-08-25 20:53:25
CVE-2021-26951
2021-02-09 23:15:13
rustsec
rustsec
`Sectors::get` accesses unclaimed/uninitialized memory
2021-01-06 12:00:00
nvd
nvd
CVE-2021-26951
2021-02-09 23:15:13

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.005

Percentile

76.7%

JSON
Related for GHSA-PPQP-78XX-3R38
cvelist1cve1prion1osv3rustsec1nvd1