Vulnerabilities > CVE-2020-25575 - Type Confusion vulnerability in Failure Project Failure
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
An issue was discovered in the failure crate through 0.1.5 for Rust. It may introduce "compatibility hazards" in some applications, and has a type confusion flaw when downcasting. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: This may overlap CVE-2019-25010
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://boats.gitlab.io/blog/post/failure-to-fehler/
- https://boats.gitlab.io/blog/post/failure-to-fehler/
- https://github.com/rust-lang-nursery/failure/issues/336
- https://github.com/rust-lang-nursery/failure/issues/336
- https://rustsec.org/advisories/RUSTSEC-2020-0036.html
- https://rustsec.org/advisories/RUSTSEC-2020-0036.html