Vulnerabilities > CVE-2024-27284 - Use After Free vulnerability in Cassandra-Rs Project Cassandra-Rs

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

cassandra-rs-project

CWE-416

NVD

Published: 2024-02-29

Updated: 2025-04-01

Summary

cassandra-rs is a Cassandra (CQL) driver for Rust. Code that attempts to use an item (e.g., a row) returned by an iterator after the iterator has advanced to the next item will be accessing freed memory and experience undefined behaviour. The problem has been fixed in version 3.0.0.

Vulnerable Configurations

Part	Description	Count
Application	Cassandra-Rs_Project Cassandra RS Project Cassandra RS *	1

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://github.com/Metaswitch/cassandra-rs/commit/ae054dc8044eac9c2c7ae2b1ab154b53ca7f8df7
https://github.com/Metaswitch/cassandra-rs/commit/ae054dc8044eac9c2c7ae2b1ab154b53ca7f8df7
https://github.com/Metaswitch/cassandra-rs/security/advisories/GHSA-x9xc-63hg-vcfq
https://github.com/Metaswitch/cassandra-rs/security/advisories/GHSA-x9xc-63hg-vcfq