mirror of
https://github.com/OMGeeky/advisory-db.git
synced 2026-02-23 15:38:27 +01:00
903e6532e6
looks like some confusion if the CVE is about this or RUSTSEC-2020-0036, but it looks like this is the actual security hole https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25575
22 lines
608 B
TOML
22 lines
608 B
TOML
[advisory]
|
|
id = "RUSTSEC-2019-0036"
|
|
aliases = ["CVE-2020-25575"]
|
|
package = "failure"
|
|
date = "2019-11-13"
|
|
informational = "unsound"
|
|
title = "Type confusion if __private_get_type_id__ is overriden"
|
|
url = "https://github.com/rust-lang-nursery/failure/issues/336"
|
|
keywords = ["unsound"]
|
|
description = """
|
|
Safe Rust code can implement malfunctioning `__private_get_type_id__` and cause
|
|
type confusion when downcasting, which is an undefined behavior.
|
|
|
|
Users who derive `Fail` trait are not affected.
|
|
"""
|
|
|
|
[affected]
|
|
functions = { "failure::Fail::__private_get_type_id__" = [">= 0.1.0"] }
|
|
|
|
[versions]
|
|
patched = []
|