Vulnerabilities > CVE-2020-36464 - Use After Free vulnerability in Heapless Project Heapless

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

heapless-project

CWE-416

NVD

Published: 2021-08-08

Updated: 2021-08-16

Summary

An issue was discovered in the heapless crate before 0.6.1 for Rust. The IntoIter Clone implementation clones an entire underlying Vec without considering whether it has already been partially consumed.

Vulnerable Configurations

Part	Description	Count
Application	Heapless_Project Heapless Project Heapless *	1

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://rustsec.org/advisories/RUSTSEC-2020-0145.html
https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/heapless/RUSTSEC-2020-0145.md