Vulnerability Details CVE-2021-45681
An issue was discovered in the derive-com-impl crate before 0.1.2 for Rust. An invalid reference (and memory corruption) can occur because AddRef might not be called before returning a pointer.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.6%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/derive-com-impl/RUSTSEC-2021-0083.md
- https://rustsec.org/advisories/RUSTSEC-2021-0083.html
- https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/derive-com-impl/RUSTSEC-2021-0083.md
- https://rustsec.org/advisories/RUSTSEC-2021-0083.html
Products affected by CVE-2021-45681
-
cpe:2.3:a:derive-com-impl_project:derive-com-impl:-
-
cpe:2.3:a:derive-com-impl_project:derive-com-impl:0.1.0
-
cpe:2.3:a:derive-com-impl_project:derive-com-impl:0.1.1