Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-HR3C-6MMP-6M39
HistoryAug 25, 2021 - 8:42 p.m.

Memory corruption slice-deque

2021-08-2520:42:57
Google
osv.dev
2

0.002 Low

EPSS

Percentile

60.8%

JSON

Affected versions of this crate did not properly update the head and tail of the deque when inserting and removing elements from the front if, before insertion or removal, the tail of the deque was in the mirrored memory region, and if, after insertion or removal, the head of the deque is exactly at the beginning of the mirrored memory region.

An attacker that controls both element insertion and removal into the deque could put it in a corrupted state. Once the deque enters such an state, its head and tail are corrupted, but in bounds of the allocated memory. This can result in partial reads and writes, reads of uninitialized memory, reads of memory containing previously dropped objects, etc. An attacker could exploit this to alter program execution.

The flaw was corrected by properly updating the head and tail of the deque in this case.

CPENameOperatorVersion
slice-dequelt0.1.16

Related

osv 1
prion 1
cvelist 1
rustsec 1
cve 1
nvd 1
github 1
osv
osv
Bug in SliceDeque::move_head_unchecked allows read of corrupted memory
2018-12-05 12:00:00
prion
prion
Memory corruption
2019-08-26 18:15:00
cvelist
cvelist
CVE-2018-20995
2019-08-26 17:14:25
rustsec
rustsec
Bug in SliceDeque::move_head_unchecked allows read of corrupted memory
2018-12-05 12:00:00
cve
cve
CVE-2018-20995
2019-08-26 18:15:11
nvd
nvd
CVE-2018-20995
2019-08-26 18:15:11
github
github
Memory corruption slice-deque
2021-08-25 20:42:57

0.002 Low

EPSS

Percentile

60.8%

JSON
Related for OSV:GHSA-HR3C-6MMP-6M39
osv1prion1cvelist1rustsec1cve1nvd1github1