Lucene search

[email protected]NVD:CVE-2020-36215

HistoryJan 26, 2021 - 6:15 p.m.

CVE-2020-36215

2021-01-2618:15:56

CWE-662

CWE-787

[email protected]

web.nvd.nist.gov

rust

hashconsing

memory corruption

vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

52.9%

JSON

An issue was discovered in the hashconsing crate before 1.1.0 for Rust. Because HConsed does not have bounds on its Send trait or Sync trait, memory corruption can occur.

Affected configurations

Nvd

Node

hashconsing_projecthashconsingRange<1.1.0rust

VendorProductVersionCPE
hashconsing_projecthashconsing*cpe:2.3:a:hashconsing_project:hashconsing:*:*:*:*:*:rust:*:*

Vendor	Product	Version	CPE
hashconsing_project	hashconsing	*	cpe:2.3:a:hashconsing_project:hashconsing::::::rust::*

References

rustsec.org/advisories/RUSTSEC-2020-0107.html

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

52.9%

JSON

Related for NVD:CVE-2020-36215

osv2 prion1 cve1 github1 cvelist1 rustsec1 cnvd1