CVE-2019-16142 – renderdoc

Package

Manager: cargo
Name: renderdoc
Vulnerable Version: >=0 <0.5.0

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00433 pctl0.6196

Details

Improper Input Validation in renderdoc Affected versions of this crate exposed several methods which took self by immutable reference, despite the requesting the RenderDoc API to set a mutable value internally. This is technically unsound and calling these methods from multiple threads without synchronization could lead to unexpected and unpredictable behavior. The flaw was corrected in release 0.5.0.

Metadata

Created: 2021-08-25T20:44:51Z
Modified: 2023-06-13T20:28:01Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-vhfr-v4w9-45v8/GHSA-vhfr-v4w9-45v8.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-vhfr-v4w9-45v8
Finding: F184
Auto approve: 1