CVE-2019-15554

Published: Aug 26, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is memory corruption for certain grow attempts with less than the current capacity.

Affected (1)

Products: Servo: Smallvec

Servo

1 product

Smallvec

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Servo Smallvec	From 0.6.3 to 0.6.10

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (4)

https://github.com/servo/rust-smallvec/issues/149

Source: cve@mitre.org

PatchThird Party Advisory

https://rustsec.org/advisories/RUSTSEC-2019-0012.html

Source: cve@mitre.org

Third Party Advisory

https://github.com/servo/rust-smallvec/issues/149

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://rustsec.org/advisories/RUSTSEC-2019-0012.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.