CVE-2019-25010
published 2020-12-31
CVE-2019-25010: An issue was discovered in the failure crate through 2019-11-13 for Rust. Type confusion can occur when __private_get_type_id__ is overridden.
Priority P3 39 · critical 9.8 · CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS
1.47%
70.6th percentile
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | rust-failure | — | — |
| failure_project | failure | <= 0.1.8 | — |
| failure_project | failure | <= 0.1.5 | — |
| failure_project | failure | 0 – 0.1.8 | — |
| failure_project | failure | >= 0.0.0-0 | — |
CVSS provenance
nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
ghsa · 9.8 CRITICAL
osv · 9.8 CRITICAL
vendor_debian · 9.8 LOW
OSV
Type confusion if __private_get_type_id__ is overridden
osv·2022-06-16·CVSS 9.8
CVE-2019-25010 [CRITICAL] Type confusion if __private_get_type_id__ is overridden
Type confusion if __private_get_type_id__ is overridden
An issue was discovered in the failure crate through 0.1.5 for Rust. It may introduce "compatibility hazards" in some applications, and has a type confusion flaw when downcasting. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: This may overlap CVE-2019-25010.
GHSA
Type confusion if __private_get_type_id__ is overridden
ghsa·2022-06-16·CVSS 9.8
CVE-2020-25575 [CRITICAL] CWE-843 Type confusion if __private_get_type_id__ is overridden
Type confusion if __private_get_type_id__ is overridden
An issue was discovered in the failure crate through 0.1.5 for Rust. It may introduce "compatibility hazards" in some applications, and has a type confusion flaw when downcasting. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: This may overlap CVE-2019-25010.
GHSA
Rust Failure Crate Vulnerable to Type confusion
ghsa·2021-08-25
CVE-2019-25010 [CRITICAL] CWE-843 Rust Failure Crate Vulnerable to Type confusion
Rust Failure Crate Vulnerable to Type confusion
Safe Rust code can implement a malfunctioning `__private_get_type_id__` and cause type confusion when downcasting, which is undefined behavior.
Users who derive the `Fail` trait are not affected.
OSV
Rust Failure Crate Vulnerable to Type confusion
osv·2021-08-25
CVE-2019-25010 [CRITICAL] Rust Failure Crate Vulnerable to Type confusion
Rust Failure Crate Vulnerable to Type confusion
Safe Rust code can implement a malfunctioning `__private_get_type_id__` and cause type confusion when downcasting, which is undefined behavior.
Users who derive the `Fail` trait are not affected.
OSV
CVE-2019-25010: An issue was discovered in the failure crate through 2019-11-13 for Rust
osv·2020-12-31·CVSS 9.8
CVE-2019-25010 [CRITICAL] CVE-2019-25010: An issue was discovered in the failure crate through 2019-11-13 for Rust
An issue was discovered in the failure crate through 2019-11-13 for Rust. Type confusion can occur when __private_get_type_id__ is overridden.
OSV
CVE-2020-25575: An issue was discovered in the failure crate through 0
osv·2020-09-14·CVSS 9.8
CVE-2020-25575 [CRITICAL] CVE-2020-25575: An issue was discovered in the failure crate through 0
An issue was discovered in the failure crate through 0.1.5 for Rust. It may introduce "compatibility hazards" in some applications, and has a type confusion flaw when downcasting. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: This may overlap CVE-2019-25010
OSV
failure is officially deprecated/unmaintained
osv·2020-05-02
CVE-2019-25010 failure is officially deprecated/unmaintained
failure is officially deprecated/unmaintained
The `failure` crate is officially end-of-life: it has been marked as deprecated
by the former maintainer, who has announced that there will be no updates or
maintenance work on it going forward.
The following are some suggested actively developed alternatives to switch to:
- [`anyhow`](https://crates.io/crates/anyhow)
- [`eyre`](https://crates.io/crates/eyre)
- [`fehler`](https://crates.io/crates/fehler)
- [`snafu`](https://crates.io/crates/snafu)
- [`thiserror`](https://crates.io/crates/thiserror)
OSV
Type confusion if __private_get_type_id__ is overridden
osv·2019-11-13
CVE-2019-25010 Type confusion if __private_get_type_id__ is overridden
Type confusion if __private_get_type_id__ is overridden
Safe Rust code can implement a malfunctioning `__private_get_type_id__` and cause
type confusion when downcasting, which is undefined behavior.
Users who derive the `Fail` trait are not affected.
Debian
CVE-2020-25575: rust-failure - An issue was discovered in the failure crate through 0.1.5 for Rust. It may intr...
vendor_debian·2020·CVSS 9.8
CVE-2020-25575 [CRITICAL] CVE-2020-25575: rust-failure - An issue was discovered in the failure crate through 0.1.5 for Rust. It may intr...
An issue was discovered in the failure crate through 0.1.5 for Rust. It may introduce "compatibility hazards" in some applications, and has a type confusion flaw when downcasting. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: This may overlap CVE-2019-25010
Scope: local
bookworm: open
bullseye: open
Debian
CVE-2019-25010: rust-failure - An issue was discovered in the failure crate through 2019-11-13 for Rust. Type c...
vendor_debian·2019·CVSS 9.8
CVE-2019-25010 [CRITICAL] CVE-2019-25010: rust-failure - An issue was discovered in the failure crate through 2019-11-13 for Rust. Type c...
An issue was discovered in the failure crate through 2019-11-13 for Rust. Type confusion can occur when __private_get_type_id__ is overridden.
Scope: local
bookworm: open
bullseye: open
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-12-31
Published