An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can add the Send marker trait to an object that cannot be sent between threads safely, leading to memory corruption.
References
Link | Resource |
---|---|
https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/actix-web/RUSTSEC-2018-0019.md | Third Party Advisory |
https://rustsec.org/advisories/RUSTSEC-2018-0019.html | Issue Tracking Third Party Advisory |
https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/actix-web/RUSTSEC-2018-0019.md | Third Party Advisory |
https://rustsec.org/advisories/RUSTSEC-2018-0019.html | Issue Tracking Third Party Advisory |
Configurations
History
21 Nov 2024, 04:03
Type | Values Removed | Values Added |
---|---|---|
References | () https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/actix-web/RUSTSEC-2018-0019.md - Third Party Advisory | |
References | () https://rustsec.org/advisories/RUSTSEC-2018-0019.html - Issue Tracking, Third Party Advisory |
05 Jan 2022, 15:31
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
References | (MISC) https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/actix-web/RUSTSEC-2018-0019.md - Third Party Advisory | |
References | (MISC) https://rustsec.org/advisories/RUSTSEC-2018-0019.html - Issue Tracking, Third Party Advisory | |
CWE | CWE-787 | |
CPE | cpe:2.3:a:actix:actix-web:*:*:*:*:*:rust:*:* |
27 Dec 2021, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-12-27 00:15
Updated : 2024-11-21 04:03
NVD link : CVE-2018-25026
Mitre link : CVE-2018-25026
CVE.ORG link : CVE-2018-25026
JSON object : View
Products Affected
actix
- actix-web
CWE
CWE-787
Out-of-bounds Write