PT-2020-17522 · Rust · Ordnung Crate

Published

2020-09-03

Updated

2021-08-25

CVE-2020-35890

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions ordnung crate versions through 0.0.1

Description The issue concerns the compact::Vec in the ordnung crate, which violates memory safety. This occurs via out-of-bounds access for large capacity and through the remove() function, which is not panic-safe and can cause a double-free when an index larger than the length is provided. Additionally, there's a 32-bit / allocator layout mismatch in 64-bit environments.

Recommendations For ordnung crate versions through 0.0.1, consider disabling the compact::Vec until a patch is available to prevent out-of-bounds access and double-free issues. Restrict the use of the remove() function to prevent double-free errors. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Out of bounds Read

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-415

Related Identifiers

CVE-2020-35890

GHSA-4WJ3-P7HJ-CVX8

GHSA-QRWC-JXF5-G8X6

RUSTSEC-2020-0038

Affected Products

Ordnung Crate

PT-2020-17522 · Rust · Ordnung Crate

CVE-2020-35890

Weakness Enumeration

Related Identifiers

Affected Products

References · 10