CVE-2018-25026

An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can add the Send marker trait to an object that cannot be sent between threads safely, leading to memory corruption.
Configurations

Configuration 1 (hide)

cpe:2.3:a:actix:actix-web:*:*:*:*:*:rust:*:*

History

21 Nov 2024, 04:03

Type Values Removed Values Added
References () https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/actix-web/RUSTSEC-2018-0019.md - Third Party Advisory () https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/actix-web/RUSTSEC-2018-0019.md - Third Party Advisory
References () https://rustsec.org/advisories/RUSTSEC-2018-0019.html - Issue Tracking, Third Party Advisory () https://rustsec.org/advisories/RUSTSEC-2018-0019.html - Issue Tracking, Third Party Advisory

05 Jan 2022, 15:31

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 7.5
v3 : 9.8
References (MISC) https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/actix-web/RUSTSEC-2018-0019.md - (MISC) https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/actix-web/RUSTSEC-2018-0019.md - Third Party Advisory
References (MISC) https://rustsec.org/advisories/RUSTSEC-2018-0019.html - (MISC) https://rustsec.org/advisories/RUSTSEC-2018-0019.html - Issue Tracking, Third Party Advisory
CWE CWE-787
CPE cpe:2.3:a:actix:actix-web:*:*:*:*:*:rust:*:*

27 Dec 2021, 00:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-12-27 00:15

Updated : 2024-11-21 04:03


NVD link : CVE-2018-25026

Mitre link : CVE-2018-25026

CVE.ORG link : CVE-2018-25026


JSON object : View

Products Affected

actix

  • actix-web
CWE
CWE-787

Out-of-bounds Write