
RUSTSEC-2018-0012

Flaw in streaming state reset() functions can create incorrect results.

Reported
Issued
Package: orion (crates.io)
Type: Vulnerability
Aliases
References
CVSS Score: 7.5 HIGH
CVSS Details:
  • Attack vector: Network
  • Attack complexity: Low
  • Privileges required: None
  • User interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: None
  • Availability: High
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Patched:
  • >=0.11.2

Description

Affected versions of this crate did not properly reset a streaming state.

Resetting a streaming state, without finalising it first, creates incorrect results.

The flaw was corrected by removing the check, made at the start of reset(), for whether the state had already been reset.
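
The failure mode described above, as an added example that is not orion's code: a toy streaming state whose reset() is guarded by a check, next to the unconditional version. The Stream type, the FNV-1a accumulator and the is_finalized flag used as the "already reset" check are assumptions made for illustration.

```rust
// Toy streaming state (hypothetical, not orion's code). FNV-1a stands in
// for the real primitive so the example has no dependencies.
const FNV_OFFSET: u64 = 0xcbf29ce484222325;
const FNV_PRIME: u64 = 0x100000001b3;

pub struct Stream {
    acc: u64,
    is_finalized: bool, // assumed stand-in for the "already reset?" check
}

impl Stream {
    pub fn new() -> Self { Stream { acc: FNV_OFFSET, is_finalized: false } }

    pub fn update(&mut self, data: &[u8]) {
        for &b in data {
            self.acc = (self.acc ^ u64::from(b)).wrapping_mul(FNV_PRIME);
        }
    }

    pub fn finalize(&mut self) -> u64 {
        self.is_finalized = true;
        self.acc
    }

    // Flawed pattern: a state that was never finalised is treated as already
    // reset, so input absorbed by update() survives the call.
    pub fn reset_flawed(&mut self) {
        if self.is_finalized { *self = Stream::new(); }
    }

    // Corrected pattern: clear unconditionally.
    pub fn reset_fixed(&mut self) { *self = Stream::new(); }
}

// Absorb `stale`, reset without finalising, then digest `msg`.
pub fn digest_after_reset(stale: &[u8], msg: &[u8], fixed: bool) -> u64 {
    let mut s = Stream::new();
    s.update(stale);
    if fixed { s.reset_fixed() } else { s.reset_flawed() }
    s.update(msg);
    s.finalize()
}

fn main() {
    let want = digest_after_reset(b"", b"message", true);
    println!("fixed correct:  {}", digest_after_reset(b"stale", b"message", true) == want);
    println!("flawed correct: {}", digest_after_reset(b"stale", b"message", false) == want);
}
```

With the guarded reset, the second digest silently covers the stale input as well as the new message, so a regression test for this class of bug should reset a state mid-stream and compare against a freshly constructed one.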

Advisory available under CC0-1.0 license.