An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS03eDM2LWg2Mnctdnc2Nc0frA

Critical. EPSS: 0.00363% (0.5758 Percentile)

Out-of-bounds Write in actix-web

Affected Packages: cargo:actix-web
Affected Versions: < 0.7.15
Fixed Versions: 0.7.15
1,049 Dependent packages
6,843 Dependent repositories
36,111,767 Downloads total

Affected Version Ranges

All affected versions

0.1.0, 0.2.0, 0.2.1, 0.3.0, 0.3.1, 0.3.2, 0.3.3, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 0.4.4, 0.4.5, 0.4.6, 0.4.7, 0.4.8, 0.4.9, 0.4.10, 0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.5.4, 0.5.5, 0.5.6, 0.5.7, 0.5.8, 0.6.0, 0.6.1, 0.6.2, 0.6.3, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.6.8, 0.6.9, 0.6.10, 0.6.11, 0.6.12, 0.6.13, 0.6.14, 0.6.15, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 0.7.4, 0.7.5, 0.7.6, 0.7.7, 0.7.8, 0.7.9, 0.7.10, 0.7.11, 0.7.12, 0.7.13, 0.7.14

All unaffected versions

0.7.15, 0.7.16, 0.7.17, 0.7.18, 0.7.19, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.0.9, 2.0.0, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 3.2.0, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 4.0.0, 4.0.1, 4.1.0, 4.2.0, 4.2.1, 4.3.0, 4.3.1, 4.4.0, 4.4.1, 4.5.0, 4.5.1, 4.6.0, 4.7.0, 4.8.0, 4.9.0, 4.10.0, 4.10.1, 4.10.2, 4.11.0

An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can add the Send marker trait to an object that cannot be sent between threads safely, leading to memory corruption.

References: