Lucene search

GitHub Advisory DatabaseGHSA-W9R2-QRPM-4RMJ

HistoryAug 25, 2021 - 8:56 p.m.

Data race in disrustor

2021-08-2520:56:59

CWE-362

GitHub Advisory Database

github.com

data race

disrustor

ringbuffer

mutable references

rust

software

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

45.7%

JSON

An issue was discovered in the disrustor crate through 2020-12-17 for Rust. RingBuffer doe not properly limit the number of mutable references.

Affected configurations

Vulners

Node

disrustor_projectdisrustorRange<0.3.0rust

VendorProductVersionCPE
disrustor_projectdisrustor*cpe:2.3:a:disrustor_project:disrustor:*:*:*:*:*:rust:*:*

Vendor	Product	Version	CPE
disrustor_project	disrustor	*	cpe:2.3:a:disrustor_project:disrustor::::::rust::*

References

github.com/advisories/GHSA-w9r2-qrpm-4rmj

github.com/sklose/disrustor/commit/0be7aed40adbac51a50a3b95c815349a40d79ca6

github.com/sklose/disrustor/issues/1

nvd.nist.gov/vuln/detail/CVE-2020-36470

rustsec.org/advisories/RUSTSEC-2020-0150.html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

45.7%

JSON

Related for GHSA-W9R2-QRPM-4RMJ