An issue was discovered in the smallvec crate before 0.6.13 for Rust. It can create an uninitialized value of any type, including a reference type.
References
Link | Resource |
---|---|
https://github.com/servo/rust-smallvec/commit/e64afc8c473d43e375ab42bd33db2d0d4ac4e41b | |
https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/smallvec/RUSTSEC-2018-0018.md | Third Party Advisory |
https://rustsec.org/advisories/RUSTSEC-2018-0018.html | Exploit Issue Tracking Third Party Advisory |
Configurations
History
07 Dec 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
05 Jan 2022, 15:53
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:servo:smallvec:*:*:*:*:*:rust:*:* | |
First Time |
Servo smallvec
Servo |
|
References | (MISC) https://rustsec.org/advisories/RUSTSEC-2018-0018.html - Exploit, Issue Tracking, Third Party Advisory | |
References | (MISC) https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/smallvec/RUSTSEC-2018-0018.md - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CWE | CWE-908 |
27 Dec 2021, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-12-27 00:15
Updated : 2023-12-10 14:09
NVD link : CVE-2018-25023
Mitre link : CVE-2018-25023
CVE.ORG link : CVE-2018-25023
JSON object : View
Products Affected
servo
- smallvec
CWE
CWE-908
Use of Uninitialized Resource