HistoryEdit

RUSTSEC-2019-0021

Matrix::zip_elements causes double free

Issued
Package
linea (crates.io)
Type
Vulnerability
Categories
Keywords
#double-free
Aliases
Details
https://github.com/strake/linea.rs/issues/2
CVSS Score
9.8 CRITICAL
CVSS Details
Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Patched
  • >0.9.4
Keywords
#double-free

Description

Affected versions of this crate did not properly implements the Matrix::zip_elements method, which causes an double free when the given trait implementation might panic.

This allows an attacker to corrupt or take control of the memory.

The flaw was corrected by Phosphorus15.