Vulnerability Details: CVE-2019-16141
An issue was discovered in the once_cell crate before 1.0.1 for Rust. There is a panic during initialization of Lazy.
Vulnerability category: Input validation
Exploit prediction scoring system (EPSS) score for CVE-2019-16141
Probability of exploitation activity in the next 30 days: 0.14%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 48 %
CVSS scores for CVE-2019-16141
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST |
CWE ids for CVE-2019-16141
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-16141
- https://rustsec.org/advisories/RUSTSEC-2019-0017.html
  RUSTSEC-2019-0017: once_cell: Panic during initialization of Lazy<T> might trigger undefined behavior › RustSec Advisory Database (Third Party Advisory)
- https://github.com/matklad/once_cell/issues/46
  Lazy can cause UB when initialization fails, and program retries initialization · Issue #46 · matklad/once_cell · GitHub (Third Party Advisory)
Products affected by CVE-2019-16141
- cpe:2.3:a:once_cell_project:once_cell:*:*:*:*:*:*:*:*