CVE-2017-20004

Description


In the standard library in Rust before 1.19.0, there is a synchronization problem in the MutexGuard object. MutexGuards can be used across threads with any types, allowing for memory safety issues through race conditions.

Related CPE's


References


PatchThird Party Advisory

PatchThird Party Advisory

CvssV3 impact


BaseSeverity

MEDIUM

ConfidentialityImpact

NONE

AttackComplexity

HIGH

Scope

UNCHANGED

AttackVector

NETWORK

AvailabilityImpact

NONE

IntegrityImpact

HIGH

PrivilegesRequired

NONE

BaseScore

5.9

VectorString

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Version

3.1

UserInteraction

NONE

CvssV2 impact


AccessComplexity

MEDIUM

ConfidentialityImpact

NONE

AvailabilityImpact

NONE

IntegrityImpact

PARTIAL

BaseScore

4.3

VectorString

AV:N/AC:M/Au:N/C:N/I:P/A:N

Version

2.0

AccessVector

NETWORK

Authentication

NONE