CVE-2019-15554
CRITICAL9.8EPSS 0.42%Memory corruption in SmallVec::grow()
Published: 8/25/2021Modified: 4/28/2026
Description
An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is memory corruption for certain grow attempts with less than the current capacity.
Affected packages (3)
- crates.io/smallvec>= 0.6.3, < 0.6.10
- crates.io/smallvec>= 0.6.3, < 0.6.10
- Debian/rust-smallvecfrom 0, < 0.6.10-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References (6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-15554
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2019-15554
- PATCHhttps://crates.io/crates/smallvec
- PATCHhttps://github.com/servo/rust-smallvec
- WEBhttps://github.com/servo/rust-smallvec/issues/149
- WEBhttps://rustsec.org/advisories/RUSTSEC-2019-0012.html