0.3.1

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

portaudio-rs-project

CWE-416

critical

NVD

Published: 2019-09-25

Updated: 2024-11-21

Summary

An issue was discovered in the portaudio-rs crate through 0.3.1 for Rust. There is a use-after-free with resultant arbitrary code execution because of a lack of unwind safety in stream_callback and stream_finished_callback.

Vulnerable Configurations

Part	Description	Count
Application	Portaudio-Rs_Project Portaudio RS Project Portaudio RS - Portaudio RS Project Portaudio RS 0.3.0 Portaudio RS Project Portaudio RS 0.3.1	3

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://rustsec.org/advisories/RUSTSEC-2019-0022.html
https://rustsec.org/advisories/RUSTSEC-2019-0022.html