OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-13 21:18:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
45a4e9ee37c0e71b4e1e845c0125a662cd096aba
advisory-db/crates/simple-slab/RUSTSEC-2020-0039.md
Yechan Bae 846dfb93a3 Update CVE numbers (#542)
2021-01-04 09:02:59 -08:00

552 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2020-0039"
package = "simple-slab"
aliases = ["CVE-2020-35892", "CVE-2020-35893"]
date = "2020-09-03"
url = "https://github.com/nathansizemore/simple-slab/issues/2"

[versions]
patched = [">= 0.3.3"]

index() allows out-of-bound read and remove() has off-by-one error

Slab::index() does not perform the boundary checking, which leads to out-of-bound read access. Slab::remove() copies an element from an invalid address due to off-by-one error, resulting in memory leakage and uninitialized memory drop.