Vulnerability Details CVE-2021-26951
An issue was discovered in the calamine crate before 0.17.0 for Rust. It allows attackers to overwrite heap-memory locations because Vec::set_len is used without proper memory claiming, and this uninitialized memory is used for a user-provided Read operation, as demonstrated by Sectors::get.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2021-26951
-
cpe:2.3:a:calamine_project:calamine:-
-
cpe:2.3:a:calamine_project:calamine:0.13.1
-
cpe:2.3:a:calamine_project:calamine:0.14
-
cpe:2.3:a:calamine_project:calamine:0.14.1
-
cpe:2.3:a:calamine_project:calamine:0.14.10
-
cpe:2.3:a:calamine_project:calamine:0.14.2
-
cpe:2.3:a:calamine_project:calamine:0.14.3
-
cpe:2.3:a:calamine_project:calamine:0.14.4
-
cpe:2.3:a:calamine_project:calamine:0.14.6
-
cpe:2.3:a:calamine_project:calamine:0.14.7
-
cpe:2.3:a:calamine_project:calamine:0.14.8
-
cpe:2.3:a:calamine_project:calamine:0.14.9
-
cpe:2.3:a:calamine_project:calamine:0.15.0
-
cpe:2.3:a:calamine_project:calamine:0.15.1
-
cpe:2.3:a:calamine_project:calamine:0.15.2
-
cpe:2.3:a:calamine_project:calamine:0.15.3
-
cpe:2.3:a:calamine_project:calamine:0.15.4
-
cpe:2.3:a:calamine_project:calamine:0.15.5
-
cpe:2.3:a:calamine_project:calamine:0.15.6
-
cpe:2.3:a:calamine_project:calamine:0.16.0
-
cpe:2.3:a:calamine_project:calamine:0.16.1
-
cpe:2.3:a:calamine_project:calamine:0.16.2