CVE-2020-35893

Published: Dec 31, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered in the simple-slab crate before 0.3.3 for Rust. remove() has an off-by-one error, causing memory leakage and a drop of uninitialized memory.

Affected (1)

Products: Simple Slab Project: Simple Slab

Simple Slab Project

1 product

Simple Slab

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Simple Slab Project Simple Slab	Before 0.3.3

Related CWEs

CWE-193

Off-by-one Error

A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

CWE-401

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

CWE-908

Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

References (2)

https://rustsec.org/advisories/RUSTSEC-2020-0039.html

Source: cve@mitre.org

Third Party Advisory

https://rustsec.org/advisories/RUSTSEC-2020-0039.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.