Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZoZnItdjR3OS00NXY4
Improper Input Validation in renderdoc
Affected versions of this crate exposed several methods which took self by immutable reference, despite the requesting the RenderDoc API to set a mutable value internally. This is technically unsound and calling these methods from multiple threads without synchronization could lead to unexpected and unpredictable behavior. The flaw was corrected in release 0.5.0.
Permalink: https://github.com/advisories/GHSA-vhfr-v4w9-45v8JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZoZnItdjR3OS00NXY4
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 2 years ago
Updated: 11 months ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-vhfr-v4w9-45v8, CVE-2019-16142
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-16142
- https://github.com/ebkalderon/renderdoc-rs/pull/32
- https://rustsec.org/advisories/RUSTSEC-2019-0018.html
- https://github.com/advisories/GHSA-vhfr-v4w9-45v8
Blast Radius: 12.5
Affected Packages
cargo:renderdoc
Dependent packages: 3Dependent repositories: 19
Downloads: 64,592 total
Affected Version Ranges: < 0.5.0
Fixed in: 0.5.0
All affected versions: 0.1.0, 0.2.0, 0.3.0, 0.4.0
All unaffected versions: 0.5.0, 0.6.0, 0.7.0, 0.7.1, 0.8.0, 0.8.1, 0.9.0, 0.9.1, 0.10.0, 0.10.1, 0.11.0, 0.12.0, 0.12.1