Reported

June 11, 2019

Issued

October 1, 2020 (last modified: June 13, 2023)

Package

pnet (crates.io)

Type

Vulnerability

Categories

• memory-corruption

Keywords

#segfault

Aliases

• CVE-2019-25054
• GHSA-24g6-5rx7-58wj
• GHSA-r6ff-2q3c-v3pv

References

• https://github.com/libpnet/libpnet/issues/449

CVSS Score

6 MEDIUM

CVSS Details

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality Impact

None

Integrity Impact

High

Availability Impact

High

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Patched

• >=0.27.2

Affected Functions

Version

pnet::transport::IcmpTransportChannelIterator

• <0.27.2

Description

Affected versions of this crate were optimized out by compiler, which caused dereference of uninitialized file descriptor which caused segfault.

Advisory available under CC0-1.0 license.