CVE-2020-35922Reliance on Data/Memory Layout in Rust-mio

CWE-188Reliance on Data/Memory Layout6 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 77.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
MIO Project MIODebian Rust-mio
Timeline
PublishedDec 31
Latest updateAug 25

Description

An issue was discovered in the mio crate before 0.7.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

NVDmio_project/mio0.7.00.7.6
crates.iomio_project/mio0.7.00.7.6

🔴Vulnerability Details

4
OSV
mio invalidly assumes the memory layout of std::net::SocketAddr2021-08-25
GHSA
mio invalidly assumes the memory layout of std::net::SocketAddr2021-08-25
OSV
CVE-2020-35922: An issue was discovered in the mio crate before 02020-12-31
OSV
`mio` invalidly assumes the memory layout of std::net::SocketAddr2020-11-02

📋Vendor Advisories

1
Debian
CVE-2020-35922: rust-mio - An issue was discovered in the mio crate before 0.7.6 for Rust. It has false exp...2020
CVE-2020-35922 — Reliance on Data/Memory Layout | cvebase