PT-2021-12002 · Rust+6 · Rust+6

Lcnr

Published

2021-01-12

Updated

2021-06-12

CVE-2020-36318

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Rust versions prior to 1.49.0

Description: The issue is related to a bug in the standard library of Rust, specifically in the VecDeque::make contiguous function. This bug can cause the same element to be popped more than once under certain conditions, potentially leading to a use-after-free or double free error.

Recommendations: For versions prior to 1.49.0, update to version 1.49.0 or later to resolve the issue.

Exploit

Fix

Double Free

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-415CWE-416

Related Identifiers

ALT-PU-2021-1029

CESA-2021_1935

CVE-2020-36318

OESA-2021-1214

RHSA-2021:1935

RHSA-2021:2243

RHSA-2021_1935

RLSA-2021:1935

Affected Products

Alt Linux

Astra Linux

Centos

Debian

Red Hat

Rocky Linux

Rust

PT-2021-12002 · Rust+6 · Rust+6

CVE-2020-36318

Weakness Enumeration

Related Identifiers

Affected Products

References · 24