Vulnerability Details: CVE-2020-36215
An issue was discovered in the hashconsing crate before 1.1.0 for Rust. Because HConsed does not have bounds on its Send trait or Sync trait, memory corruption can occur.
Vulnerability category: Memory Corruption
Products affected by CVE-2020-36215
- cpe:2.3:a:hashconsing_project:hashconsing:*:*:*:*:*:rust:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-36215
- EPSS score: 0.16% (probability of exploitation activity in the next 30 days)
- Percentile: ~52% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2020-36215
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2020-36215
- The product utilizes multiple threads or processes to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not properly synchronize these actions, which might cause simultaneous accesses of this resource by multiple threads or processes. Assigned by: nvd@nist.gov (Primary)
- The product writes data past the end, or before the beginning, of the intended buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-36215
- https://rustsec.org/advisories/RUSTSEC-2020-0107.html
  RUSTSEC-2020-0107: hashconsing: hashconsing's HConsed lacks Send/Sync bound for its Send/Sync trait. › RustSec Advisory Database (Exploit; Vendor Advisory)