CVE-2020-36205

MEDIUM5.5EPSS 0.06%

Soundness issue with base::Error

發布日:2021/8/25修改日:2023/11/8

也稱為:GHSA-c8hq-x4mm-p6q6RUSTSEC-2020-0097

描述

`base::Error` type contains public field named `ptr`. With this definition, it is possible to create a `base::Error` with an invalid pointer and trigger memory safety errors such as use-after-free or double-free with safe Rust. The users of `xcb` crate are advised not to manipulate the field.

受影響套件(3)

crates.io/xcbfrom 0, < 1.0.0
crates.io/xcb>= 0.0.0-0, < 1.0.0
Debian/rust-xcbfrom 0, < 1.1.1-1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM5.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

參考連結(7)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-36205
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2020-36205
PATCHhttps://crates.io/crates/xcb
PATCHhttps://github.com/rtbo/rust-xcb
WEBhttps://github.com/rtbo/rust-xcb/issues/93
WEBhttps://github.com/rust-x-bindings/rust-xcb/issues/93
WEBhttps://rustsec.org/advisories/RUSTSEC-2020-0097.html