PT-2019-14535 · Rust · Compact Arena Crate

Cad97 · Published 2019-05-21 · Updated 2021-08-25 · CVE-2019-16139

CVSS v3.1 · 9.8 · Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

compact arena crate versions prior to 0.4.0

Description

An issue in the compact arena crate for Rust involves the mishandling of generativity, leading to potential out-of-bounds writes or reads. The affected versions did not properly implement generativity because invariant lifetimes were not necessarily dropped. This allows an attacker to mix up two arenas, using indices created from one arena with another, potentially leading to out-of-bounds read or write access into the memory reserved for the arena.

Recommendations

For versions prior to 0.4.0, update to version 0.4.0 to resolve the issue, as it correctly implements generativity.
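
The guarantee the description refers to, that an index can only be used with the arena that created it, can be illustrated with closure-based lifetime branding. This is an added example, not code from the compact arena crate or this advisory; `Arena`, `Idx`, `with_arena` and `demo` are hypothetical names, and the closure technique is a standard way to obtain generativity, not necessarily the one used in 0.4.0.

```rust
use std::marker::PhantomData;

// `fn(&'id ()) -> &'id ()` makes 'id invariant: the compiler may neither shrink
// nor extend it, so two different brands can never be unified.
type Brand<'id> = PhantomData<fn(&'id ()) -> &'id ()>;

/// Arena whose indices carry its brand (hypothetical type, not the crate's).
pub struct Arena<'id, T> { items: Vec<T>, _brand: Brand<'id> }

/// Index that is only accepted by the arena with the same 'id.
#[derive(Clone, Copy)]
pub struct Idx<'id> { raw: u32, _brand: Brand<'id> }

impl<'id, T> Arena<'id, T> {
    pub fn add(&mut self, value: T) -> Idx<'id> {
        assert!(self.items.len() < u32::MAX as usize, "arena full");
        let raw = self.items.len() as u32;
        self.items.push(value);
        Idx { raw, _brand: PhantomData }
    }

    pub fn get(&self, idx: Idx<'id>) -> &T {
        // SAFETY: an Idx<'id> is only minted by `add` on the arena carrying the
        // same brand, and items are never removed, so raw < items.len().
        unsafe { self.items.get_unchecked(idx.raw as usize) }
    }
}

/// Only constructor. The closure must be valid for every 'id, so each call
/// hands out a brand that cannot be named or reused outside the closure.
pub fn with_arena<T, R, F>(f: F) -> R
where F: for<'id> FnOnce(Arena<'id, T>) -> R,
{
    f(Arena { items: Vec::new(), _brand: PhantomData })
}

pub fn demo() -> (u8, u8) {
    with_arena(|mut small| {
        with_arena(|mut large| {
            let s = small.add(7u8);                  // index 0 of `small`
            for v in 0..100u8 { large.add(v); }
            let l = large.add(200u8);                // index 100 of `large`
            // `small.get(l)` is rejected at compile time: the brand of `l`
            // belongs to `large`. Without that rejection, the unchecked read
            // above would land 100 elements past a one-element buffer.
            (*small.get(s), *large.get(l))
        })
    })
}

fn main() { println!("{:?}", demo()); }
```

Uncommenting a `small.get(l)` call is a quick regression check: the build must fail with a lifetime error for the bounds-check elision in `get` to be justified.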

Fix

Out of bounds Read

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2019-16139
GHSA-7J36-GC4R-9X3R
RUSTSEC-2019-0015

Affected Products

Compact Arena Crate