Issued

June 11, 2019

Package

pnet (crates.io)

Type

Vulnerability

Categories

• memory-corruption

Keywords

#segfault

Details

https://github.com/libpnet/libpnet/issues/449

CVSS Score

6 MEDIUM

CVSS Details

Attack vector

Local

Attack complexity

Low

Privileges required

High

User interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Patched

• >=0.27.2

Affected Functions

Version

pnet::transport::IcmpTransportChannelIterator

• <0.27.2

Description

Affected versions of this crate were optimized out by compiler, which caused dereference of uninitialized file descriptor which caused segfault.