Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM1MnAtcmh2cS03Zzc4

High EPSS: 0.0039% (0.59524 Percentile) EPSS:
Permalink JSON

Null pointer deference in av-data

Affected Packages Affected Versions Fixed Versions
cargo:av-data
PURL: pkg:cargo/av-data
< 0.3.0 0.3.0
8 Dependent packages
22 Dependent repositories
712,104 Downloads total

Affected Version Ranges

All affected versions

0.1.0, 0.2.0, 0.2.1, 0.2.2

All unaffected versions

0.3.0, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 0.4.4

An issue was discovered in the av-data crate before 0.3.0 for Rust. A raw pointer is dereferenced, leading to a read of an arbitrary memory address, sometimes causing a segfault.

References:

Identifiers

GHSA-352p-rhvq-7g78

CVE-2021-25904

Risk

Severity

High

EPSS

EPSS Percentage: 0.0039

EPSS Percentile: 0.59524

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/rust-av/rust-av

Date and time

Published

about 4 years ago

Updated

almost 3 years ago

API

JSON