Lucene search

[email protected]CVE-2020-36215

HistoryJan 26, 2021 - 6:15 p.m.

CVE-2020-36215

2021-01-2618:15:56

CWE-662

CWE-787

[email protected]

web.nvd.nist.gov

cve-2020-36215

hashconsing crate

memory corruption

rust

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

53.0%

JSON

An issue was discovered in the hashconsing crate before 1.1.0 for Rust. Because HConsed does not have bounds on its Send trait or Sync trait, memory corruption can occur.

Affected configurations

NVD

Node

hashconsing_projecthashconsingRange<1.1.0rust

CPENameOperatorVersion
hashconsing_project:hashconsinghashconsing project hashconsinglt1.1.0

CPE	Name	Operator	Version
hashconsing_project:hashconsing	hashconsing project hashconsing	lt	1.1.0

References

rustsec.org/advisories/RUSTSEC-2020-0107.html

Social References

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

53.0%

JSON

Related for CVE-2020-36215

osv2 prion1 cnvd1 cvelist1 nvd1 rustsec1 github1