Reported

December 20, 2018

Issued

October 1, 2020 (last modified: June 13, 2023)

Package

orion (crates.io)

Type

Vulnerability

Aliases

• CVE-2018-20999
• GHSA-gffv-5hr2-f9gj

References

• https://github.com/brycx/orion/issues/46

CVSS Score

7.5 HIGH

CVSS Details

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Patched

• >=0.11.2

Description

Affected versions of this crate did not properly reset a streaming state.

Resetting a streaming state, without finalising it first, creates incorrect results.

The flaw was corrected by not first checking if the state had already been reset, when calling reset().

Advisory available under CC0-1.0 license.