20210204

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

xcb-project

CWE-252

NVD

Published: 2021-02-09

Updated: 2021-02-18

Summary

An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because transmutation to the wrong type can happen after xcb::base::cast_event uses std::mem::transmute to return a reference to an arbitrary type.

Vulnerable Configurations

Part	Description	Count
Application	Xcb_Project XCB Project XCB - XCB Project XCB 2020-12-10 XCB Project XCB 2021-02-04	3

Common Weakness Enumeration (CWE)

CWE-252 - Unchecked Return Value

References

https://rustsec.org/advisories/RUSTSEC-2021-0019.html