Use-After-Free Vulnerability in Tremor-Script for Rust
CVE-2021-45701

9.8CRITICAL

Key Information:

Vendor: Linux
Status: Tremor-script
Vendor: CVE Published:; 27 December 2021

Summary

An issue has been identified in the Tremor-Script crate prior to version 0.11.6, where a flawed patch operation may lead to a use-after-free condition. This vulnerability potentially allows an attacker to exploit the software, leading to unexpected behaviors or compromising the stability of applications that rely on this crate.

References

https://rustsec.org/advisories/RUSTSEC-2021-0111.html

x_refsource_MISC

https://raw.githubusercontent.com/rustsec/advisory-db/mai...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 27, 2021
Vulnerability Reserved
Dec 26, 2021