Lucene search

GitHub Advisory DatabaseGHSA-RCCQ-J2M7-8FWR

HistoryAug 25, 2021 - 8:55 p.m.

Double-free in id-map

2021-08-2520:55:14

CWE-415

GitHub Advisory Database

github.com

double-free

id-map

vulnerability

element removal

drop impl

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

60.7%

JSON

A double free can occur in remove_set upon a panic in a Drop impl. When removing a set of elements, ptr::drop_in_place is called on each of the element to be removed. If the Drop impl of one of these elements panics then the previously dropped elements can be dropped again.

Affected configurations

Vulners

Node

id-map_projectid-mapRange≤0.2.1rust

VendorProductVersionCPE
id-map_projectid-map*cpe:2.3:a:id-map_project:id-map:*:*:*:*:*:rust:*:*

Vendor	Product	Version	CPE
id-map_project	id-map	*	cpe:2.3:a:id-map_project:id-map::::::rust::*

References

github.com/advisories/GHSA-rccq-j2m7-8fwr

github.com/andrewhickman/id-map/issues/3

nvd.nist.gov/vuln/detail/CVE-2021-30457

rustsec.org/advisories/RUSTSEC-2021-0052.html

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

60.7%

JSON

Related for GHSA-RCCQ-J2M7-8FWR