CVE-2020-36205

MEDIUM5.5EPSS 0.06%

Soundness issue with base::Error

Published: 8/25/2021Modified: 11/8/2023

Also known as:GHSA-c8hq-x4mm-p6q6RUSTSEC-2020-0097

Description

`base::Error` type contains public field named `ptr`. With this definition, it is possible to create a `base::Error` with an invalid pointer and trigger memory safety errors such as use-after-free or double-free with safe Rust. The users of `xcb` crate are advised not to manipulate the field.

Affected packages (3)

crates.io/xcbfrom 0, < 1.0.0
crates.io/xcb>= 0.0.0-0, < 1.0.0
Debian/rust-xcbfrom 0, < 1.1.1-1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References (7)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-36205
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2020-36205
PATCHhttps://crates.io/crates/xcb
PATCHhttps://github.com/rtbo/rust-xcb
WEBhttps://github.com/rtbo/rust-xcb/issues/93
WEBhttps://github.com/rust-x-bindings/rust-xcb/issues/93
WEBhttps://rustsec.org/advisories/RUSTSEC-2020-0097.html