PT-2018-15492 · Rust · Orion Crate

Brycx

Publicado

2018-12-20

Atualizado

2021-08-25

CVE-2018-20999

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions orion crate versions prior to 0.11.2

Description An issue in the orion crate causes incorrect results when reset() is called without first finalizing the streaming state. This occurs because the state is not properly reset. The flaw was corrected by changing the behavior of the reset() call to not check if the state had already been reset.

Recommendations For versions prior to 0.11.2, update to version 0.11.2 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the reset() function without first finalizing the streaming state to minimize the risk of incorrect results.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-682

Identificadores relacionados

CVE-2018-20999

GHSA-GFFV-5HR2-F9GJ

RUSTSEC-2018-0012

Produtos afetados

Orion Crate

PT-2018-15492 · Rust · Orion Crate

CVE-2018-20999

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8