0.3.1

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

portaudio-rs-project

CWE-416

NVD

Published: 2019-09-25

Updated: 2019-09-26

Summary

An issue was discovered in the portaudio-rs crate through 0.3.1 for Rust. There is a use-after-free with resultant arbitrary code execution because of a lack of unwind safety in stream_callback and stream_finished_callback.

Vulnerable Configurations

Part	Description	Count
Application	Portaudio-Rs_Project Portaudio RS Project Portaudio RS - Portaudio RS Project Portaudio RS 0.3.0 Portaudio RS Project Portaudio RS 0.3.1	3

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://rustsec.org/advisories/RUSTSEC-2019-0022.html