rustsec-2018-0001
Vulnerability from osv_rustsec
Published
2018-06-21 12:00
Modified
2023-06-13 13:10
Summary
An integer underflow could lead to panic
Details

A mistake in error handling in untrusted before 0.6.2 could lead to an integer underflow and panic if a user of the crate didn't properly check for errors returned by untrusted.

Combination of these two programming errors (one in untrusted and another by user of this crate) could lead to a panic and maybe a denial of service of affected software.

The error in untrusted is fixed in release 0.6.2 released 2018-06-21. It's also advisable that users of untrusted check for their sources for cases where errors returned by untrusted are not handled correctly.

To clipboard 

{
  "affected": [
    {
      "database_specific": {
        "categories": [],
        "cvss": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
        "informational": null
      },
      "ecosystem_specific": {
        "affected_functions": null,
        "affects": {
          "arch": [],
          "functions": [],
          "os": []
        }
      },
      "package": {
        "ecosystem": "crates.io",
        "name": "untrusted",
        "purl": "pkg:cargo/untrusted"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.0.0-0"
            },
            {
              "fixed": "0.6.2"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "versions": []
    }
  ],
  "aliases": [
    "CVE-2018-20989",
    "GHSA-wq8f-46ww-6c2h"
  ],
  "database_specific": {
    "license": "CC0-1.0"
  },
  "details": "A mistake in error handling in untrusted before 0.6.2 could lead to an integer\nunderflow and panic if a user of the crate didn\u0027t properly check for errors\nreturned by untrusted.\n\nCombination of these two programming errors (one in untrusted and another by\nuser of this crate) could lead to a panic and maybe a denial of service of\naffected software.\n\nThe error in untrusted is fixed in release 0.6.2 released 2018-06-21. It\u0027s also\nadvisable that users of untrusted check for their sources for cases where errors\nreturned by untrusted are not handled correctly.",
  "id": "RUSTSEC-2018-0001",
  "modified": "2023-06-13T13:10:24Z",
  "published": "2018-06-21T12:00:00Z",
  "references": [
    {
      "type": "PACKAGE",
      "url": "https://crates.io/crates/untrusted"
    },
    {
      "type": "ADVISORY",
      "url": "https://rustsec.org/advisories/RUSTSEC-2018-0001.html"
    },
    {
      "type": "WEB",
      "url": "https://github.com/briansmith/untrusted/pull/20"
    }
  ],
  "related": [],
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "An integer underflow could lead to panic"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.