CVE-2024-36760 – rhai

Package

Manager: cargo
Name: rhai
Vulnerable Version: >=0 <=1.18.0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.0031 pctl0.53631

Details

Rhai stack overflow vulenrability A stack overflow vulnerability was found in version 1.18.0 of rhai. The flaw position is: (/ SRC/rhai/SRC/eval/STMT. Rs in rhai: : eval: : STMT: : _ $LT $impl $u20 $rhai.. engine.. Engine$GT$::eval_stmt::h3f1d68ce37fc6e96). Due to the stack overflow is a recursive call/SRC/rhai/SRC/eval/STMT. Rs file eval_stmt_block function.

Metadata

Created: 2024-06-13T18:31:59Z
Modified: 2024-07-05T21:21:55Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-67fv-9r7g-432h/GHSA-67fv-9r7g-432h.json
CWE IDs: ["CWE-120", "CWE-674"]
Alternative ID: GHSA-67fv-9r7g-432h
Finding: F067
Auto approve: 1