Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1mZ2ZtLWhxanctMzI2Nc0frQ

Critical EPSS: 0.00363% (0.5758 Percentile) EPSS:
Permalink JSON

Out-of-bounds Write in actix-web

Affected Packages Affected Versions Fixed Versions
cargo:actix-web < 0.7.15 0.7.15
1,049 Dependent packages
6,843 Dependent repositories
36,111,767 Downloads total

Affected Version Ranges

All affected versions

0.1.0, 0.2.0, 0.2.1, 0.3.0, 0.3.1, 0.3.2, 0.3.3, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 0.4.4, 0.4.5, 0.4.6, 0.4.7, 0.4.8, 0.4.9, 0.4.10, 0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.5.4, 0.5.5, 0.5.6, 0.5.7, 0.5.8, 0.6.0, 0.6.1, 0.6.2, 0.6.3, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.6.8, 0.6.9, 0.6.10, 0.6.11, 0.6.12, 0.6.13, 0.6.14, 0.6.15, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 0.7.4, 0.7.5, 0.7.6, 0.7.7, 0.7.8, 0.7.9, 0.7.10, 0.7.11, 0.7.12, 0.7.13, 0.7.14

All unaffected versions

0.7.15, 0.7.16, 0.7.17, 0.7.18, 0.7.19, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.0.9, 2.0.0, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 3.2.0, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 4.0.0, 4.0.1, 4.1.0, 4.2.0, 4.2.1, 4.3.0, 4.3.1, 4.4.0, 4.4.1, 4.5.0, 4.5.1, 4.6.0, 4.7.0, 4.8.0, 4.9.0, 4.10.0, 4.10.1, 4.10.2, 4.11.0

An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly extend the lifetime of a string, leading to memory corruption.

References:

Identifiers

GHSA-fgfm-hqjw-3265

CVE-2018-25025

Risk

Severity

Critical

EPSS

EPSS Percentage: 0.00363

EPSS Percentile: 0.5758

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/actix/actix-web

Date and time

Published

over 3 years ago

Updated

about 2 years ago

API

JSON