CVE-2020-35861 – bumpalo
Package
Manager: cargo
Name: bumpalo
Vulnerable Version: >=3.0.0 <3.2.1
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00285 (percentile: 0.51445)
Details
Out of bounds read in bumpalo
An issue was discovered in the bumpalo crate before 3.2.1 for Rust. The realloc feature allows the reading of unknown memory. Attackers can potentially read cryptographic keys.
Metadata
Created: 2021-08-25T20:47:13Z
Modified: 2021-08-19T21:18:29Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-vqx7-pw4r-29rr/GHSA-vqx7-pw4r-29rr.json
CWE IDs: ["CWE-125"]
Alternative ID: GHSA-vqx7-pw4r-29rr
Finding: F111
Auto approve: 1