RUSTSEC-2019-0021

Matrix::zip_elements causes double free

Reported

September 14, 2019

Issued

October 1, 2020 (last modified: June 13, 2023)

Package

linea (crates.io)

Type

Vulnerability

Categories

memory-corruption

Keywords

#double-free

Aliases

CVE-2019-16880
GHSA-j52m-489x-v634

References

https://github.com/strake/linea.rs/issues/2

CVSS Score

9.8 CRITICAL

CVSS Details

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Patched

>0.9.4

Description

Affected versions of this crate did not properly implements the Matrix::zip_elements method, which causes an double free when the given trait implementation might panic.

This allows an attacker to corrupt or take control of the memory.

The flaw was corrected by Phosphorus15.

Advisory available under CC0-1.0 license.