Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZoZnItdjR3OS00NXY4

Improper Input Validation in renderdoc

Affected versions of this crate exposed several methods which took self by immutable reference, despite the requesting the RenderDoc API to set a mutable value internally. This is technically unsound and calling these methods from multiple threads without synchronization could lead to unexpected and unpredictable behavior. The flaw was corrected in release 0.5.0.

Permalink: https://github.com/advisories/GHSA-vhfr-v4w9-45v8
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZoZnItdjR3OS00NXY4
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 3 years ago
Updated: over 1 year ago


CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Percentage: 0.00306
EPSS Percentile: 0.70501

Identifiers: GHSA-vhfr-v4w9-45v8, CVE-2019-16142
References: Repository: https://github.com/ebkalderon/renderdoc-rs
Blast Radius: 12.5

Affected Packages

cargo:renderdoc
Dependent packages: 4
Dependent repositories: 19
Downloads: 106,728 total
Affected Version Ranges: < 0.5.0
Fixed in: 0.5.0
All affected versions: 0.1.0, 0.2.0, 0.3.0, 0.4.0
All unaffected versions: 0.5.0, 0.6.0, 0.7.0, 0.7.1, 0.8.0, 0.8.1, 0.9.0, 0.9.1, 0.10.0, 0.10.1, 0.11.0, 0.12.0, 0.12.1