PT-2020-17517 · Rust · Alpm-Rs

Published

2020-08-20

Updated

2021-09-13

CVE-2020-35885

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions alpm-rs crate through 2020-08-20

Description An issue was discovered in the alpm-rs crate where StrcCtx performs improper memory deallocation. This can introduce memory safety issues such as double-free and use-after-free to client programs. Specifically, StrcCtx deallocate a memory region that it doesn't own when StrcCtx is created without using StrcCtx::new.

Recommendations For alpm-rs crate through 2020-08-20, ensure that StrcCtx is created using StrcCtx::new to avoid improper memory deallocation. As a temporary workaround, consider restricting the use of StrcCtx until a patch is available.

Fix

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-415

Related Identifiers

CVE-2020-35885

GHSA-QC4M-GC8R-MG8M

RUSTSEC-2020-0032

Affected Products

Alpm-Rs

PT-2020-17517 · Rust · Alpm-Rs

CVE-2020-35885

Weakness Enumeration

Related Identifiers

Affected Products

References · 9