Vulnerability Details CVE-2020-35861
An issue was discovered in the bumpalo crate before 3.2.1 for Rust. The realloc feature allows the reading of unknown memory. Attackers can potentially read cryptographic keys.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.5%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2020-35861
-
cpe:2.3:a:bumpalo_project:bumpalo:3.0.0
-
cpe:2.3:a:bumpalo_project:bumpalo:3.1.0
-
cpe:2.3:a:bumpalo_project:bumpalo:3.1.1
-
cpe:2.3:a:bumpalo_project:bumpalo:3.1.2
-
cpe:2.3:a:bumpalo_project:bumpalo:3.2.0