Memory Corruption Vulnerability in SmallVec for Rust by Rust Language Team
CVE-2019-15554

9.8CRITICAL

Key Information:

Vendor: Servo
Status: Smallvec
Vendor: CVE Published:; 26 August 2019

What is CVE-2019-15554?

A memory corruption issue exists in the SmallVec crate for Rust, prior to version 0.6.10. This vulnerability arises during certain grow attempts when the requested capacity is less than the current capacity, potentially leading to undefined behavior. Developers using this crate must ensure they are on a patched version to mitigate potential risks associated with this issue.

References

https://rustsec.org/advisories/RUSTSEC-2019-0012.html

x_refsource_MISC

https://github.com/servo/rust-smallvec/issues/149

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 26, 2019
Vulnerability Reserved
Aug 25, 2019

CVE-2019-15554 Data

JSON

Servo

What is CVE-2019-15554?

References

CVSS V3.1

Timeline