GitHub Advisory DatabaseGHSA-WP34-MQW5-JJ85Use after free in nano_arena
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
75.7%
Affected versions of this crate assumed that Borrow<Idx> was guaranteed to return the same value on .borrow(). The borrowed index value was used to retrieve a mutable reference to a value.
If the Borrow<Idx> implementation returned a different index, the split arena would allow retrieving the index as a mutable reference creating two mutable references to the same element. This violates Rust’s aliasing rules and allows for memory safety issues such as writing out of bounds and use-after-frees.
The flaw was corrected in commit 6b83f9d by storing the .borrow() value in a temporary variable.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| nano_arena_project | nano_arena | * | cpe:2.3:a:nano_arena_project:nano_arena:*:*:*:*:*:rust:*:* |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
75.7%