CVE-2020-35879 – rulinalg
Package
Manager: cargo
Name: rulinalg
Vulnerable Version: >=0.4.0 <=0.4.2
Severity
Level: Critical
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00433 (percentile 0.6196)
Details
Data races in rulinalg

The affected versions of rulinalg have incorrect lifetime bounds on RowMut::raw_slice and RowMut::raw_slice_mut. These bounds do not conform to Rust's borrowing rules and allow the user to create multiple mutable references to the same location. This may produce unexpected calculation results and data races if both references are used at the same time.
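The class of lifetime error described above, shown as an added example that is not rulinalg's code. RowView and its methods are hypothetical stand-ins, and the unsound signature assumes the bug has the shape the advisory describes: an accessor whose returned slice is bound to the view's own lifetime parameter instead of to the borrow of self.

```rust
use std::marker::PhantomData;

// Hypothetical mutable row view over a borrowed buffer (not rulinalg's type).
pub struct RowView<'a, T> {
    ptr: *mut T,
    len: usize,
    _marker: PhantomData<&'a mut [T]>,
}

impl<'a, T> RowView<'a, T> {
    pub fn new(data: &'a mut [T]) -> Self {
        RowView { ptr: data.as_mut_ptr(), len: data.len(), _marker: PhantomData }
    }

    // UNSOUND shape (assumed): the result carries the view's lifetime 'a, not
    // the lifetime of the `&mut self` borrow. The borrow of `self` ends when
    // the call returns, so a second call can hand out an overlapping slice.
    #[allow(dead_code)]
    pub fn raw_slice_mut_unsound(&mut self) -> &'a mut [T] {
        unsafe { std::slice::from_raw_parts_mut(self.ptr, self.len) }
    }

    // Sound shape: the elided lifetime ties the result to `&mut self`, so the
    // view stays mutably borrowed for as long as the returned slice is alive.
    pub fn raw_slice_mut(&mut self) -> &mut [T] {
        unsafe { std::slice::from_raw_parts_mut(self.ptr, self.len) }
    }
}

// Uses only the sound accessor; each slice is released before the next borrow.
pub fn scale_then_sum(data: &mut [i32], k: i32) -> i32 {
    let mut row = RowView::new(data);
    for x in row.raw_slice_mut().iter_mut() {
        *x *= k;
    }
    let total: i32 = row.raw_slice_mut().iter().sum();
    total
}

fn main() {
    let mut buf = [1, 2, 3]; // constructed sample data
    println!("{}", scale_then_sum(&mut buf, 2));
    // With the sound accessor the following is rejected with E0499:
    //   let a = row.raw_slice_mut();
    //   let b = row.raw_slice_mut();
    //   a[0] = 1; b[0] = 2;
    // With the unsound accessor the same code compiles, leaving two live
    // `&mut [T]` to one buffer, which is the condition the advisory reports.
}
```

When auditing a crate for this pattern, look for safe methods that take `&self` or `&mut self` and return a reference annotated with the struct's lifetime parameter while building it from a raw pointer.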
Metadata
Created: 2021-08-25T20:48:09Z
Modified: 2023-06-13T20:47:12Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-q2gj-9r85-p832/GHSA-q2gj-9r85-p832.json
CWE IDs: ["CWE-362"]
Alternative ID: GHSA-q2gj-9r85-p832
Finding: F124
Auto approve: 1