Vulnerabilities > CVE-2020-36318 - Use After Free vulnerability in Rust-Lang Rust 1.48.0

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

rust-lang

CWE-416

critical

NVD

Published: 2021-04-11

Updated: 2021-04-26

Summary

In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free.

Vulnerable Configurations

Part	Description	Count
Application	Rust-Lang Rust Lang Rust 1.48.0	1

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://github.com/rust-lang/rust/issues/79808
https://github.com/rust-lang/rust/pull/79814