CVE-2020-35711

An issue has been discovered in the arc-swap crate before 0.4.8 (and 1.x before 1.1.0) for Rust. Use of arc_swap::access::Map with the Constant test helper (or with a user-supplied implementation of the Access trait) could sometimes lead to dangling references being returned by the map.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
VendorProductVersion
arc-swap_projectarc-swap
𝑥
< 0.4.8
arc-swap_projectarc-swap
1.0.0 ≤
𝑥
< 1.1.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
rust-arc-swap
bullseye
0.4.8-2
fixed
buster
no-dsa
bookworm
1.5.1-1
fixed
sid
1.7.1-1
fixed
trixie
1.7.1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
rust-arc-swap
noble
needed
mantic
ignored
lunar
ignored
kinetic
ignored
jammy
needed
impish
ignored
hirsute
ignored
groovy
ignored
focal
needed
bionic
dne
xenial
dne
trusty
dne
References
https://github.com/vorner/arc-swap/issues/45
https://rustsec.org/advisories/RUSTSEC-2020-0091.html
https://github.com/vorner/arc-swap/issues/45
https://rustsec.org/advisories/RUSTSEC-2020-0091.html