CVE-2019-16140: Use-after-free in buffer conversion implementation › RustSec Advisory Database

An issue was discovered in the chttp crate before 0.1.3 for Rust. There is a use-after-free during buffer conversion.


RUSTSEC-2019-0016

Use-after-free in buffer conversion implementation

Reported: September 1, 2019

Issued: October 1, 2020 (last modified: June 13, 2023)

Package: chttp (crates.io)

Type: Vulnerability

Keywords: #memory-management #memory-corruption

Aliases

  • CVE-2019-16140
  • GHSA-5rrv-m36h-qwf8

References

  • https://github.com/sagebind/isahc/issues/2

CVSS Score: 9.8 CRITICAL

CVSS Details

  • Attack vector: Network
  • Attack complexity: Low
  • Privileges required: None
  • User interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Patched

  • =0.1.3

Unaffected

  • <0.1.1

Description

The From implementation for Vec was not properly implemented, returning a vector backed by freed memory. This could lead to memory corruption or be exploited to cause undefined behavior.

A fix was published in version 0.1.3.
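
The bug class described above, as an added illustration that is not chttp's code and not part of the advisory: a conversion that builds a `Vec` over an allocation its source still owns, next to two sound alternatives. The `Buffer` type, its fields and all function names are hypothetical stand-ins chosen for this example.

```rust
use std::mem::ManuallyDrop;

/// Hypothetical stand-in for a heap-backed byte buffer (not chttp's type).
pub struct Buffer {
    pub data: Box<[u8]>,
    pub len: usize, // number of valid bytes at the start of `data`
}

impl Buffer {
    pub fn new(bytes: &[u8]) -> Self {
        Buffer { data: bytes.into(), len: bytes.len() }
    }
}

/// Bug pattern, shown for review only and never called here: the Vec is
/// built over `buf.data`'s allocation, then `buf` is dropped on return and
/// frees it, so the returned Vec dangles and double-frees when dropped.
#[allow(dead_code)]
pub fn into_vec_dangling(mut buf: Buffer) -> Vec<u8> {
    let cap = buf.data.len();
    unsafe { Vec::from_raw_parts(buf.data.as_mut_ptr(), buf.len, cap) }
}

/// Fix 1: stay in safe code and let the standard library move ownership.
pub fn into_vec_safe(buf: Buffer) -> Vec<u8> {
    let mut v = buf.data.into_vec(); // Box<[u8]> -> Vec<u8>, no copy, no free
    v.truncate(buf.len);
    v
}

/// Fix 2: if raw parts are unavoidable, stop the source's destructor from
/// running so exactly one owner (the new Vec) frees the allocation.
pub fn into_vec_raw(buf: Buffer) -> Vec<u8> {
    let mut buf = ManuallyDrop::new(buf);
    let cap = buf.data.len();
    // SAFETY: pointer and capacity come from one live Box<[u8]> that `buf`
    // will no longer free, and `len <= cap` is the buffer's own invariant.
    unsafe { Vec::from_raw_parts(buf.data.as_mut_ptr(), buf.len, cap) }
}

fn main() {
    // Constructed sample input.
    let v = into_vec_safe(Buffer::new(b"response body"));
    println!("{}", String::from_utf8_lossy(&v));
}
```

When reviewing a crate for this pattern, every `Vec::from_raw_parts` call should be checked for a second owner of the same allocation that still runs its destructor.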

Advisory available under CC0-1.0 license.
