
CVE-2021-29938 (High) detected in slice-deque-0.3.0.crate

Open mend-bolt-for-github[bot] opened this issue 4 years ago • 0 comments

CVE-2021-29938 - High Severity Vulnerability

Vulnerable Library - slice-deque-0.3.0.crate

A double-ended queue that Deref's into a slice.

Library home page: https://crates.io/api/v1/crates/slice-deque/0.3.0/download

Dependency Hierarchy:

  • amethyst-0.15.3.crate (Root Library)
    • amethyst_ui-0.15.3.crate
      • amethyst_audio-0.15.3.crate
        • rodio-0.11.0.crate
          • minimp3-0.3.5.crate
            • :x: slice-deque-0.3.0.crate (Vulnerable Library)

Found in HEAD commit: a5a175063bd51fcbbce0eaba88d1b9b6ad315911

Found in base branch: master

Vulnerability Details

An issue was discovered in the slice-deque crate through 2021-02-19 for Rust. A double drop can occur in SliceDeque::drain_filter upon a panic in a predicate function.

Publish Date: 2021-04-01

URL: CVE-2021-29938

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High