PT-2018-15492 · Rust · Orion Crate

Brycx

Published

2018-12-20

Updated

2021-08-25

CVE-2018-20999

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions orion crate versions prior to 0.11.2

Description An issue in the orion crate causes incorrect results when reset() is called without first finalizing the streaming state. This occurs because the state is not properly reset. The flaw was corrected by changing the behavior of the reset() call to not check if the state had already been reset.

Recommendations For versions prior to 0.11.2, update to version 0.11.2 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the reset() function without first finalizing the streaming state to minimize the risk of incorrect results.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-682

Related Identifiers

CVE-2018-20999

GHSA-GFFV-5HR2-F9GJ

RUSTSEC-2018-0012

Affected Products

Orion Crate

PT-2018-15492 · Rust · Orion Crate

CVE-2018-20999

Weakness Enumeration

Related Identifiers

Affected Products

References · 8