An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1tN3YtdnB2OC14ZmMz

Critical EPSS: 0.00425% (0.61006 Percentile)

Double free in smallvec

Affected Packages | Affected Versions | Fixed Versions
cargo:smallvec | >= 0.6.5, < 0.6.10 | 0.6.10
1,616 Dependent packages
67,564 Dependent repositories
462,121,101 Downloads total

Affected Version Ranges

All affected versions

0.6.5, 0.6.6, 0.6.7, 0.6.8, 0.6.9

All unaffected versions

0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.1.6, 0.1.7, 0.1.8, 0.2.0, 0.2.1, 0.3.1, 0.3.2, 0.3.3, 0.3.4, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 0.4.4, 0.4.5, 0.5.0, 0.5.1, 0.6.0, 0.6.1, 0.6.2, 0.6.3, 0.6.4, 0.6.10, 0.6.11, 0.6.12, 0.6.13, 0.6.14, 1.0.0, 1.1.0, 1.2.0, 1.3.0, 1.4.0, 1.4.1, 1.4.2, 1.5.0, 1.5.1, 1.6.0, 1.6.1, 1.7.0, 1.8.0, 1.8.1, 1.9.0, 1.10.0, 1.11.0, 1.11.1, 1.11.2, 1.12.0, 1.13.0, 1.13.1, 1.13.2, 1.14.0, 1.15.0, 1.15.1

Attempting to call grow on a spilled SmallVec with a value equal to the current capacity causes it to free the existing data. This performs a double free immediately and may lead to use-after-free on subsequent accesses to the SmallVec contents. An attacker that controls the value passed to grow may exploit this flaw to obtain memory contents or gain remote code execution.
