CVE-2020-35901 — Use After Free in Actix-http

Severity

7.5HIGHNVD

EPSS

0.4%

top 39.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedDec 31

Latest updateAug 25

Description

An issue was discovered in the actix-http crate before 2.0.0-alpha.1 for Rust. There is a use-after-free in BodyStream.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

▶crates.ioactix/actix-http0.0.0-0 — 2.0.0-alpha.1+1

OSV

Use-after-free in actix-http↗2021-08-25

▶

GHSA

Use-after-free in actix-http↗2021-08-25

▶

OSV

Use-after-free in BodyStream due to lack of pinning↗2020-01-24

▶

arXiv

Memory-Safety Challenge Considered Solved? An In-Depth Study with All Rust CVEs↗2021-02-25

▶