Vulnerabilities > CVE-2021-27377 - Use After Free vulnerability in Yottadb

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

yottadb

CWE-416

critical

NVD

Published: 2021-02-18

Updated: 2021-02-25

Summary

An issue was discovered in the yottadb crate before 1.2.0 for Rust. For some memory-allocation patterns, ydb_subscript_next_st and ydb_subscript_prev_st have a use-after-free.

Vulnerable Configurations

Part	Description	Count
Application	Yottadb Yottadb Yottadb 0.2.0 Yottadb Yottadb 0.3.0 Yottadb Yottadb 1.0.0 Yottadb Yottadb 1.1.0	4

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://rustsec.org/advisories/RUSTSEC-2021-0022.html