Double Drop Vulnerability in Containers Crate for Rust
CVE-2021-25907

9.8CRITICAL

Key Information:

Vendor: Containers Project
Status: Containers
Vendor: CVE Published:; 26 January 2021

🔔 Create Containers Project Vulnerability Alert

What is CVE-2021-25907?

A vulnerability has been identified in the containers crate for Rust, specifically before version 0.9.11. This issue arises during panic situations, where a double drop can occur due to improper handling in the util::{mutate, mutate2} functions. This flaw can lead to unexpected behavior and resource management errors, potentially compromising the integrity of applications utilizing this crate. Developers should review their error handling strategies and upgrade to the patched version to mitigate associated risks.

References

https://rustsec.org/advisories/RUSTSEC-2021-0010.html

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 26, 2021
Vulnerability Reserved
Jan 22, 2021

CVE-2021-25907 Data

JSON