4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
7.2 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
25.0%
Version 2.5.0 of the libpulse-binding
Rust crate, released on the 22nd of December 2018, fixed a potential use-after-free issue with property list iteration due to a lack of a lifetime constraint tying the lifetime of a proplist::Iterator
to the Proplist
object for which it was created. This made it possible for users, without experiencing a compiler error/warning, to destroy the Proplist
object before the iterator, thus destroying the underlying C object the iterator works upon, before the iterator may be finished with it.
This advisory is being written retrospectively, having previously only been noted in the changelog. No CVE assignment was sought.
This impacts all versions of the crate before 2.5.0 back to 1.0.5. Before version 1.0.5 the function that produces the iterator was broken to the point of being useless.
Users are required to update to version 2.5.0 or newer.
Versions older than 2.5.0 have been yanked from crates.io as of the 22nd of October 2020.
CPE | Name | Operator | Version |
---|---|---|---|
libpulse-binding | ge | 1.0.5 | |
libpulse-binding | lt | 2.5.0 |
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
7.2 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
25.0%