Vulnerability Details CVE-2020-36443
An issue was discovered in the libp2p-deflate crate before 0.27.1 for Rust. An uninitialized buffer is passed to AsyncRead::poll_read(), which is a user-provided trait function.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/libp2p-deflate/RUSTSEC-2020-0123.md
- https://rustsec.org/advisories/RUSTSEC-2020-0123.html
- https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/libp2p-deflate/RUSTSEC-2020-0123.md
- https://rustsec.org/advisories/RUSTSEC-2020-0123.html
Products affected by CVE-2020-36443
-
cpe:2.3:a:libp2p:libp2p-deflate:0.1.0
-
cpe:2.3:a:libp2p:libp2p-deflate:0.16.0
-
cpe:2.3:a:libp2p:libp2p-deflate:0.17.0
-
cpe:2.3:a:libp2p:libp2p-deflate:0.18.0
-
cpe:2.3:a:libp2p:libp2p-deflate:0.19.0
-
cpe:2.3:a:libp2p:libp2p-deflate:0.19.1
-
cpe:2.3:a:libp2p:libp2p-deflate:0.19.2
-
cpe:2.3:a:libp2p:libp2p-deflate:0.2.0
-
cpe:2.3:a:libp2p:libp2p-deflate:0.20.0
-
cpe:2.3:a:libp2p:libp2p-deflate:0.21.0
-
cpe:2.3:a:libp2p:libp2p-deflate:0.22.0
-
cpe:2.3:a:libp2p:libp2p-deflate:0.23.0
-
cpe:2.3:a:libp2p:libp2p-deflate:0.24.0
-
cpe:2.3:a:libp2p:libp2p-deflate:0.25.0
-
cpe:2.3:a:libp2p:libp2p-deflate:0.26.0
-
cpe:2.3:a:libp2p:libp2p-deflate:0.27.0
-
cpe:2.3:a:libp2p:libp2p-deflate:0.3.0
-
cpe:2.3:a:libp2p:libp2p-deflate:0.4.0
-
cpe:2.3:a:libp2p:libp2p-deflate:0.5.0
-
cpe:2.3:a:libp2p:libp2p-deflate:0.6.0
-
cpe:2.3:a:libp2p:libp2p-deflate:0.7.0