PT-2020-17532 · Rust · Array-Queue

Published: 2020-09-26 · Updated: 2021-08-25 · CVE-2020-35900

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: array-queue crate through 2020-09-26

Description: The array-queue crate implements a circular queue that wraps around an array. Its pop_back function fails to properly index into the array, which allows reading previously dropped or uninitialized memory and can lead to a use-after-free.

Recommendations: For the array-queue crate through 2020-09-26, consider disabling the pop_back function until a patch is available, to prevent potential use-after-free issues. Restrict access to the pop_back function to minimize the risk of exploitation.
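
The indexing rule a circular queue's pop_back depends on, as an added example in safe Rust (not the array-queue crate's code). RingQueue and peek_wrong_back are hypothetical names, and the off-by-one index is an assumed illustration of a wrong index, not the crate's actual defect. Slots are Option<T>, so a vacated slot shows up as None instead of dropped memory.

```rust
// Added illustration: fixed-capacity circular queue over an array.
// `start` is the front element's index, `len` the number of live elements.
pub struct RingQueue<T, const N: usize> {
    slots: [Option<T>; N],
    start: usize,
    len: usize,
}

impl<T, const N: usize> RingQueue<T, N> {
    pub fn new() -> Self {
        Self { slots: std::array::from_fn(|_| None), start: 0, len: 0 }
    }
    pub fn push_back(&mut self, v: T) -> Result<(), T> {
        if self.len == N { return Err(v); } // full: hand the value back
        self.slots[(self.start + self.len) % N] = Some(v);
        self.len += 1;
        Ok(())
    }
    pub fn pop_front(&mut self) -> Option<T> {
        if self.len == 0 { return None; }
        let v = self.slots[self.start].take();
        self.start = (self.start + 1) % N;
        self.len -= 1;
        v
    }
    /// Correct: the last live element sits one slot before the next write position.
    pub fn pop_back(&mut self) -> Option<T> {
        if self.len == 0 { return None; }
        let i = (self.start + self.len - 1) % N;
        self.len -= 1;
        self.slots[i].take()
    }
    /// Assumed off-by-one (hypothetical): indexes the next write position instead.
    /// None = vacated slot, Some(_) = a different element that is still live.
    pub fn peek_wrong_back(&self) -> Option<&T> {
        if self.len == 0 { return None; }
        self.slots[(self.start + self.len) % N].as_ref()
    }
}

fn main() {
    let mut q = RingQueue::<u32, 3>::new(); // constructed sample data
    for v in 1..=3 { q.push_back(v).unwrap(); }
    let _ = q.pop_front();
    let wrong = q.peek_wrong_back().copied();
    let right = q.pop_back();
    println!("wrong index sees {:?}, correct pop_back returns {:?}", wrong, right);
}
```

In an implementation that stores raw or uninitialized slots instead of Option<T>, the None case corresponds to reading memory whose value was already dropped, and the Some case to aliasing an element the queue still owns.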

Exploit

Fix

Use After Free

Weakness Enumeration

Related Identifiers

CVE-2020-35900
GHSA-75CQ-G75G-RXFF
RUSTSEC-2020-0047

Affected Products

Array-Queue