61 lines
1.8 KiB
JSON
61 lines
1.8 KiB
JSON
{
|
|
"id": "RUSTSEC-2019-0009",
|
|
"summary": "Double-free and use-after-free in SmallVec::grow()",
|
|
"details": "Attempting to call `grow` on a spilled SmallVec with a value equal to the current capacity causes it to free the existing data. This performs a double free immediately and may lead to use-after-free on subsequent accesses to the SmallVec contents.\n\nAn attacker that controls the value passed to `grow` may exploit this flaw to obtain memory contents or gain remote code execution.\n\nCredits to @ehuss for discovering, reporting and fixing the bug.",
|
|
"aliases": [
|
|
"CVE-2019-15551"
|
|
],
|
|
"modified": "2021-10-19T22:14:35Z",
|
|
"published": "2019-06-06T12:00:00Z",
|
|
"references": [
|
|
{
|
|
"type": "PACKAGE",
|
|
"url": "https://crates.io/crates/smallvec"
|
|
},
|
|
{
|
|
"type": "ADVISORY",
|
|
"url": "https://rustsec.org/advisories/RUSTSEC-2019-0009.html"
|
|
},
|
|
{
|
|
"type": "REPORT",
|
|
"url": "https://github.com/servo/rust-smallvec/issues/148"
|
|
}
|
|
],
|
|
"affected": [
|
|
{
|
|
"package": {
|
|
"name": "smallvec",
|
|
"ecosystem": "crates.io",
|
|
"purl": "pkg:cargo/smallvec"
|
|
},
|
|
"ranges": [
|
|
{
|
|
"type": "SEMVER",
|
|
"events": [
|
|
{
|
|
"introduced": "0.6.5"
|
|
},
|
|
{
|
|
"fixed": "0.6.10"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"ecosystem_specific": {
|
|
"affects": {
|
|
"os": [],
|
|
"functions": [
|
|
"smallvec::SmallVec::grow"
|
|
],
|
|
"arch": []
|
|
}
|
|
},
|
|
"database_specific": {
|
|
"cvss": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"source": "https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2019-0009.json",
|
|
"informational": null,
|
|
"categories": []
|
|
}
|
|
}
|
|
]
|
|
} |