PT-2019-19976
Tags: Rust, Snafu
Author: Qwaz
Published: 2019-11-13
Updated: 2024-08-04
CVE-2020-25575
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
failure crate versions 0.1.5 and earlier
Description
The issue is a type confusion flaw when downcasting, which may introduce compatibility hazards in some applications. It affects products that are no longer supported by the maintainer. Safe Rust code can implement a malfunctioning private get type id method and cause type confusion when downcasting, which is undefined behavior. Users who derive the Fail trait are not affected.
Recommendations
For failure crate versions 0.1.5 and earlier, consider switching to actively developed alternatives such as anyhow, eyre, fehler, snafu, or thiserror to mitigate the risk. As a temporary workaround, avoid using the private get type id function until a patch is available. Restrict the use of the failure crate to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Type Confusion
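The sealed-token pattern that closes this class of downcast type confusion, as an added illustration that is not the failure crate's own code: a simplified Fail-like trait whose type-id method takes a token that code outside the crate cannot name, so only the default implementation can exist and the pointer cast in downcast_ref stays sound. The trait, private::Internal, IoFail, ParseFail and classify are hypothetical; the method that failure 0.1.5 exposes without such a token is __private_get_type_id__, which the advisory calls the private get type id function.

```rust
use std::any::TypeId;
use std::fmt::{self, Debug, Display};
// Sealed token: code outside this crate cannot name `private::Internal`, so no
// implementor can override `fail_type_id` (the technique std's Error trait uses).
mod private {
    pub struct Internal;
}

// Hypothetical, simplified stand-in for failure's `Fail` trait (not the crate's code).
pub trait Fail: Display + Debug + Send + Sync + 'static {
    #[doc(hidden)]
    fn fail_type_id(&self, _: private::Internal) -> TypeId {
        TypeId::of::<Self>()
    }
}

impl dyn Fail {
    // failure 0.1.5's id method takes no token, so safe code can override it to
    // return a foreign TypeId and the cast below becomes type confusion.
    pub fn downcast_ref<T: Fail>(&self) -> Option<&T> {
        if self.fail_type_id(private::Internal) == TypeId::of::<T>() {
            // SAFETY: the sealed id proves the concrete type behind `self` is T.
            Some(unsafe { &*(self as *const dyn Fail as *const T) })
        } else {
            None
        }
    }
}

#[derive(Debug)]
pub struct IoFail(pub String);
impl Display for IoFail {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { write!(f, "io: {}", self.0) }
}
impl Fail for IoFail {}

#[derive(Debug)]
pub struct ParseFail;
impl Display for ParseFail {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.write_str("parse error") }
}
impl Fail for ParseFail {}

// Dispatch on the concrete error type; wrong-type downcasts yield None, never a bogus &T.
pub fn classify(err: &dyn Fail) -> &'static str {
    if err.downcast_ref::<IoFail>().is_some() { "io" }
    else if err.downcast_ref::<ParseFail>().is_some() { "parse" }
    else { "other" }
}
```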
Affected Products
Debian
Anyhow
Eyre
Failure
Fehler
Snafu
Thiserror