CVE-2020-35878 – ozone

Package

Manager: cargo
Name: ozone
Vulnerable Version: >=0 <=0.1.0

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00433 pctl0.6196

Details

Drop of uninitialized memory in Ozone An issue was discovered in the ozone crate through version 0.1.0 for Rust. Memory safety is violated because of the dropping of uninitialized memory.

Metadata

Created: 2021-08-25T20:47:41Z
Modified: 2023-06-13T19:52:17Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-m3ww-7hrp-gw9w/GHSA-m3ww-7hrp-gw9w.json
CWE IDs: ["CWE-119", "CWE-908"]
Alternative ID: GHSA-m3ww-7hrp-gw9w
Finding: F138
Auto approve: 1