Vulnerabilities > CVE-2020-35864 - Unspecified vulnerability in Google Flatbuffers

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

google

NVD

Published: 2020-12-31

Updated: 2021-01-07

Summary

An issue was discovered in the flatbuffers crate through 2020-04-11 for Rust. read_scalar (and read_scalar_at) can transmute values without unsafe blocks.

Vulnerable Configurations

Part	Description	Count
Application	Google Google Flatbuffers 0.4.0 Google Flatbuffers 0.5.0 Google Flatbuffers 0.6.0 Google Flatbuffers 0.6.1 Google Flatbuffers 0.7.0 Google Flatbuffers 0.8.0 Google Flatbuffers 0.8.1 Google Flatbuffers 0.8.2 Google Flatbuffers 0.8.3 Google Flatbuffers 0.8.4 Google Flatbuffers 0.8.5 Google Flatbuffers 0.8.6 Google Flatbuffers 0.9.0 Google Flatbuffers 1.0.0 Google Flatbuffers 1.0.1 Google Flatbuffers 1.0.2 Google Flatbuffers 1.0.3 Google Flatbuffers 1.1.0 Google Flatbuffers 1.2.0 Google Flatbuffers 1.3.0 Google Flatbuffers 1.4.0 Google Flatbuffers 1.5.0 Google Flatbuffers 1.6.0 Google Flatbuffers 1.7.0 Google Flatbuffers 1.7.1 Google Flatbuffers 1.8.0 Google Flatbuffers 1.9.0 Google Flatbuffers 1.10.0 Google Flatbuffers 1.11.0 Google Flatbuffers 1.12.0	30

References

https://rustsec.org/advisories/RUSTSEC-2020-0009.html