CVE-2020-36318

Published: 11/04/2021 Updated: 26/04/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

In the standard library in Rust prior to 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain conditions. This bug could result in a use-after-free or double free.

Vulnerable Product

rust-lang rust

Vendor Advisories

Debian Bug report logs - #986803: CVE-2021-28875 CVE-2021-28876 CVE-2021-28877 CVE-2021-28878 CVE-2021-28879 CVE-2020-36317 CVE-2020-36318. Package: rustc; Maintainer for rustc is Debian Rust Maintainers <pkg-rust-maintainers@alioth-lists.debian.net>; Source for rustc is src:rustc. Reported by: Moritz Mueh ...
In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free ...

Github Repositories

2022 Digital China Innovation Contest, HuFu Cybersecurity Track: 4 preliminary-round challenges vdq-mva-fpbe-static

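HF2022-vdq-mva-fpbe-static: 2022 Digital China Innovation Contest, HuFu Cybersecurity Track, preliminary round. Challenge author's write-up. vdq (2 solves): exploitation of Rust CVE-2020-36318. mva (10 solves): a simple VM pwn. fpbe (87 solves): an eBPF program written with libbpf-bootstrap. static (6 solves): EVM gas related.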

Set of CVE presentations for Hacking101

CVE Presentations: Set of CVE presentations for 18-739D: Special Topics in Security: Hacking 101 course at CMU. CVE-2020-36318: First CVE is a buffer overflow vulnerability in the Rust standard library. make_contiguous in the standard library has a bug that pops the same element more than once under specific conditions. This results in double free scenarios. Rust claims to be a