Lucene search
RustsecRUSTSEC-2020-0021HistoryMay 11, 2020 - 12:00 p.m.
rio allows a use-after-free buffer access when a future is leaked
2020-05-1112:00:00
rustsec.org
10
0.002 Low
EPSS
Percentile
59.0%
When a rio::Completion is leaked, its drop code will not run. The drop code
is responsible for waiting until the kernel completes the I/O operation into, or
out of, the buffer borrowed by rio::Completion. Leaking the struct will allow
one to access and/or drop the buffer, which can lead to a use-after-free,
data races or leaking secrets.
Upstream is not interested in fixing the issue.
Related
prion
prion
Design/Logic Flaw
2020-12-31 10:15:00
nvd
nvd
CVE-2020-35876
2020-12-31 10:15:15
osv
osv
Use after free in rio
2021-08-25 20:46:57
rio allows a use-after-free buffer access when a future is leaked
2020-05-11 12:00:00
debiancve
debiancve
CVE-2020-35876
2020-12-31 10:15:00
cvelist
cvelist
CVE-2020-35876
2020-12-31 08:27:20
github
github
Use after free in rio
2021-08-25 20:46:57
cve
cve
CVE-2020-35876
2020-12-31 10:15:15