Vulnerability CVE-2020-35906

Vulnerability CVE-2020-35906

Published: 2020-12-31

Description:

An issue was discovered in the futures-task crate before 0.3.6 for Rust. futures_task::waker may cause a use-after-free in a non-static type situation.

Type:

CWE-416

(Use After Free)

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score	Impact Subscore	Exploitability Subscore
7.2/10	10/10	3.9/10

Exploit range	Attack complexity	Authentication
Local	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Complete	Complete	Complete

Affected software
Rust-lang -> Futures-task

References:

https://rustsec.org/advisories/RUSTSEC-2020-0060.html

Copyright 2024, cxsecurity.com