Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdxOGYtNDZ3dy02YzJo

Integer underflow in untrusted

A mistake in error handling in untrusted before 0.6.2 could lead to an integer underflow and panic if a user of the crate didn't properly check for errors returned by untrusted. Combination of these two programming errors (one in untrusted and another by user of this crate) could lead to a panic and maybe a denial of service of affected software. The error in untrusted is fixed in release 0.6.2 released 2018-06-21. It's also advisable that users of untrusted check for their sources for cases where errors returned by untrusted are not handled correctly.

Permalink: https://github.com/advisories/GHSA-wq8f-46ww-6c2h
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdxOGYtNDZ3dy02YzJo
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 3 years ago
Updated: over 1 year ago


CVSS Score: 7.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Percentage: 0.00103
EPSS Percentile: 0.43507

Identifiers: GHSA-wq8f-46ww-6c2h, CVE-2018-20989
References: Repository: https://github.com/briansmith/untrusted
Blast Radius: 32.4

Affected Packages

cargo:untrusted
Dependent packages: 117
Dependent repositories: 20,963
Downloads: 172,047,465 total
Affected Version Ranges: < 0.6.2
Fixed in: 0.6.2
All affected versions: 0.1.0, 0.2.0, 0.3.0, 0.3.1, 0.3.2, 0.5.0, 0.5.1, 0.6.0, 0.6.1
All unaffected versions: 0.6.2, 0.7.0, 0.7.1, 0.8.0, 0.9.0