Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS05cWo2LTRyZnEtdm04NM0frg

Critical EPSS: 0.00363% (0.5758 Percentile) EPSS:
Permalink JSON

Out-of-bounds Write in actix-web

Affected Packages Affected Versions Fixed Versions
cargo:actix-web < 0.7.15 0.7.15
1,049 Dependent packages
6,843 Dependent repositories
36,111,767 Downloads total

Affected Version Ranges

All affected versions

0.1.0, 0.2.0, 0.2.1, 0.3.0, 0.3.1, 0.3.2, 0.3.3, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 0.4.4, 0.4.5, 0.4.6, 0.4.7, 0.4.8, 0.4.9, 0.4.10, 0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.5.4, 0.5.5, 0.5.6, 0.5.7, 0.5.8, 0.6.0, 0.6.1, 0.6.2, 0.6.3, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.6.8, 0.6.9, 0.6.10, 0.6.11, 0.6.12, 0.6.13, 0.6.14, 0.6.15, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 0.7.4, 0.7.5, 0.7.6, 0.7.7, 0.7.8, 0.7.9, 0.7.10, 0.7.11, 0.7.12, 0.7.13, 0.7.14

All unaffected versions

0.7.15, 0.7.16, 0.7.17, 0.7.18, 0.7.19, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.0.9, 2.0.0, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 3.2.0, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 4.0.0, 4.0.1, 4.1.0, 4.2.0, 4.2.1, 4.3.0, 4.3.1, 4.4.0, 4.4.1, 4.5.0, 4.5.1, 4.6.0, 4.7.0, 4.8.0, 4.9.0, 4.10.0, 4.10.1, 4.10.2, 4.11.0

An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly coerce an immutable reference into a mutable reference, leading to memory corruption.

References:

Identifiers

GHSA-9qj6-4rfq-vm84

CVE-2018-25024

Risk

Severity

Critical

EPSS

EPSS Percentage: 0.00363

EPSS Percentile: 0.5758

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/actix/actix-web

Date and time

Published

over 3 years ago

Updated

about 2 years ago

API

JSON