CVE-2020-36464

EUVD-2021-1844
An issue was discovered in the heapless crate before 0.6.1 for Rust. The IntoIter Clone implementation clones an entire underlying Vec without considering whether it has already been partially consumed.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
Affected Products (NVD)
VendorProductVersion
heapless_projectheapless
𝑥
< 0.6.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/heapless/RUSTSEC-2020-0145.md
https://rustsec.org/advisories/RUSTSEC-2020-0145.html
https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/heapless/RUSTSEC-2020-0145.md
https://rustsec.org/advisories/RUSTSEC-2020-0145.html