CVE-2020-36464 – heapless
Package
Manager: cargo
Name: heapless
Vulnerable Version: >=0 <0.6.1
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.0028 pctl 0.51006
Details
Use after free in heapless
An issue was discovered in the heapless crate before 0.6.1 for Rust. The IntoIter Clone implementation clones an entire underlying Vec without considering whether it has already been partially consumed.
Metadata
Created: 2021-08-25T20:56:09Z
Modified: 2021-08-18T21:16:38Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-qgwf-r2jj-2ccv/GHSA-qgwf-r2jj-2ccv.json
CWE IDs: ["CWE-416"]
Alternative ID: GHSA-qgwf-r2jj-2ccv
Finding: F138
Auto approve: 1