CVE-2020-35711

EUVD-2022-3426
An issue has been discovered in the arc-swap crate before 0.4.8 (and 1.x before 1.1.0) for Rust. Use of arc_swap::access::Map with the Constant test helper (or with a user-supplied implementation of the Access trait) could sometimes lead to dangling references being returned by the map.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
Affected Products (NVD)
VendorProductVersion
arc-swap_projectarc-swap
𝑥
< 0.4.8
arc-swap_projectarc-swap
1.0.0 ≤
𝑥
< 1.1.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
rust-arc-swap
bookworm
1.5.1-1
fixed
bullseye
0.4.8-2
fixed
buster
no-dsa
sid
1.7.1-1
fixed
trixie
1.7.1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
rust-arc-swap
bionic
dne
focal
needed
groovy
ignored
hirsute
ignored
impish
ignored
jammy
needed
kinetic
ignored
lunar
ignored
mantic
ignored
noble
needed
trusty
dne
xenial
dne
References
https://github.com/vorner/arc-swap/issues/45
https://rustsec.org/advisories/RUSTSEC-2020-0091.html
https://github.com/vorner/arc-swap/issues/45
https://rustsec.org/advisories/RUSTSEC-2020-0091.html