PT-2024-21792 · Unknown · Cassandra-Rs
Castlequirm · Published 2024-02-28 · Updated 2025-04-01 · CVE-2024-27284
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
cassandra-rs versions prior to 3.0.0

Description
The issue is a use-after-free bug in the cassandra-rs driver for Rust. Code that uses an item returned by an iterator after the iterator has advanced to the next item accesses freed memory and triggers undefined behavior. The problem has existed in every version and is rated high severity. However, such code will almost always fail immediately, making it unlikely that any code using this pattern has reached production.

Recommendations
For versions prior to 3.0.0, upgrade to version 3.0.0, which makes the problematic pattern impossible. As a temporary workaround, ensure all usage fits the expected pattern: for example, use get_first_row() rather than an iterator, or completely process an item before advancing the iterator with next().

Weakness Enumeration
Use After Free

Related Identifiers

CVE-2024-27284
GHSA-X9XC-63HG-VCFQ
RUSTSEC-2024-0017

Affected Products

Cassandra-Rs