CVE-2024-58265 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	3.1 LOW	NETWORK	HIGH	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
mitre	CNA	3.1 LOW				CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: 15%

Affected Products (NVD)

Vendor	Product	Version
mcginty	snow	𝑥 < 0.9.5

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

rust-snow

forky	0.9.6-6 fixed
sid	0.9.6-6 fixed
trixie	0.9.6-6 fixed

Ubuntu Releases

Ubuntu Product

Codename

rust-snow

jammy	dne
noble	needs-triage
plucky	needs-triage
questing	needs-triage

Common Weakness Enumeration

CWE-642 - External Control of Critical State Data
The software stores security-critical state information about its users, or the software itself, in a location that is accessible to unauthorized actors.

References

https://crates.io/crates/snow

https://github.com/mcginty/snow/security/advisories/GHSA-7g9j-g5jg-3vv3

https://rustsec.org/advisories/RUSTSEC-2024-0011.html