Vulnerabilities > CVE-2021-28032 - Unspecified vulnerability in Nano Arena Project Nano Arena

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

nano-arena-project

NVD

Published: 2021-03-05

Updated: 2021-03-09

Summary

An issue was discovered in the nano_arena crate before 0.5.2 for Rust. There is an aliasing violation in split_at because two mutable references can exist for the same element, if Borrow<Idx> behaves in certain ways. This can have a resultant out-of-bounds write or use-after-free.

Vulnerable Configurations

Part	Description	Count
Application	Nano_Arena_Project Nano Arena Project Nano Arena *	1

References

https://rustsec.org/advisories/RUSTSEC-2021-0031.html