Vulnerabilities > CVE-2020-36318 - Use After Free vulnerability in Rust-Lang Rust 1.48.0

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

rust-lang

CWE-416

NVD

Published: 2021-04-11

Updated: 2021-04-26

Summary

In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free.

Vulnerable Configurations

Part	Description	Count
Application	Rust-Lang Rust Lang Rust 1.48.0	1

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://github.com/rust-lang/rust/issues/79808
https://github.com/rust-lang/rust/pull/79814