Platform
rust
Component
smallvec
Fixed version
0.6.3
0.3.4
CVE-2018-20991 describes a double-free vulnerability discovered in the smallvec Rust library. This flaw arises when an iterator passed to SmallVec::insert_many panics during Iterator::next, leading to destructors being run on an inconsistent vector state. Affected versions are those prior to 0.3.4; the vulnerability is resolved in version 0.3.4 by preventing length updates until items are removed.
The primary impact of CVE-2018-20991 is the potential for application crashes due to memory corruption. A double-free occurs when the same memory location is freed twice, leading to unpredictable behavior and potentially allowing an attacker to trigger a denial-of-service. While the fix prevents double drops, items may be leaked if Iterator::next panics, representing a potential information leak. This vulnerability is particularly concerning in Rust applications relying on smallvec for efficient small vector implementations, as it can undermine memory safety guarantees.
This vulnerability was publicly disclosed on July 19, 2018. There is no indication of active exploitation campaigns targeting this specific CVE. While a public proof-of-concept is not readily available, the nature of the double-free vulnerability makes it potentially exploitable. The vulnerability is not currently listed on the CISA KEV catalog.
Applications written in Rust that utilize the smallvec library, particularly those relying on SmallVec::insert_many for efficient data storage, are at risk. Projects using older versions of smallvec as a dependency, especially those with limited testing or error handling, are particularly vulnerable.
disclosure
Exploitation status
EPSS
0.43% (62nd percentile)
CVSS vector
The recommended mitigation for CVE-2018-20991 is to immediately upgrade the smallvec dependency to version 0.3.4 or later. If upgrading is not feasible due to compatibility issues, consider temporarily disabling features that heavily utilize SmallVec::insert_many to reduce the attack surface. While a direct WAF or proxy rule is not applicable, ensuring robust error handling and memory safety practices within the application can help prevent exploitation. After upgrading, confirm the fix by running tests that specifically exercise SmallVec::insert_many and verify that no double-free errors occur during unwinding.
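The following is an added example, not code from smallvec or from this page: a toy `insert_many` over the standard `Vec` that shows the panic-safe pattern (the vector claims only its prefix while the iterator runs), together with a drop-counting check of the kind described above. The function names, the `Tracked` type and the panicking iterator are constructed for illustration.

```rust
use std::{cell::Cell, panic, ptr, rc::Rc};

// Toy stand-in for the insert path (an assumption for illustration, not smallvec's source).
fn insert_many<T, I: ExactSizeIterator<Item = T>>(v: &mut Vec<T>, index: usize, iter: I) {
    let (old_len, n) = (v.len(), iter.len());
    assert!(index <= old_len);
    v.reserve(n);
    unsafe {
        let gap = v.as_mut_ptr().add(index);
        // Shift the tail right; the gap now holds stale bitwise copies of tail items.
        ptr::copy(gap, gap.add(n), old_len - index);
        // Key step: claim only the prefix while the gap is open, so an unwind
        // drops [0, index) once and leaks the rest instead of dropping it twice.
        v.set_len(index);
        let mut written = 0;
        for item in iter.take(n) { // Iterator::next may panic here
            ptr::write(gap.add(written), item);
            written += 1;
        }
        // Close any remaining gap if the iterator yielded fewer items than it promised.
        ptr::copy(gap.add(n), gap.add(written), old_len - index);
        v.set_len(old_len + written);
    }
}

struct Tracked(Rc<Cell<usize>>); // counts how many times its destructor runs
impl Drop for Tracked {
    fn drop(&mut self) { self.0.set(self.0.get() + 1); }
}

// Constructed scenario: insert two items at index 1 of a 3-element vector;
// the iterator panics on its second call to next().
fn drops_after_panicking_insert() -> Vec<usize> {
    let counters: Vec<Rc<Cell<usize>>> = (0..5).map(|_| Rc::new(Cell::new(0))).collect();
    let mut v: Vec<Tracked> = counters[..3].iter().map(|c| Tracked(c.clone())).collect();
    let unwound = panic::catch_unwind(panic::AssertUnwindSafe(|| {
        let items = (0..2usize).map(|i| {
            if i == 1 { panic!("constructed panic in Iterator::next"); }
            Tracked(counters[3 + i].clone())
        });
        insert_many(&mut v, 1, items);
    }));
    assert!(unwound.is_err());
    drop(v); // runs destructors for whatever the vector still claims to own
    counters.iter().map(|c| c.get()).collect()
}

fn main() {
    println!("drops per element: {:?}", drops_after_panicking_insert());
}
```

A count above 1 for any element would indicate a double drop; counts of 0 for the shifted tail and the already-inserted item are the leak that the fixed behaviour accepts in exchange.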
No official patch is available. Look for a temporary workaround or keep watching for updates.
CVE-2018-20991 is a critical vulnerability in the smallvec Rust library where iterator panics can lead to double-free errors, potentially causing crashes.
You are affected if your project uses smallvec versions prior to 0.3.4. Check your dependencies to determine if an upgrade is needed.
Upgrade the smallvec dependency to version 0.3.4 or later to resolve this double-free vulnerability.
There is no current evidence of active exploitation campaigns targeting CVE-2018-20991, but the vulnerability's nature makes it potentially exploitable.
Refer to the smallvec project's release notes and GitHub repository for information regarding this vulnerability and the fix: https://github.com/blusso/smallvec