CVE-2020-36318 - log back

CVE-2020-36318 edited at 12 Apr 2021 09:45:07
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
+ In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free.
References
+ https://github.com/rust-lang/rust/issues/79808
+ https://github.com/rust-lang/rust/pull/79814
+ https://github.com/rust-lang/rust/commit/d32c320d7eee56706486fef6be778495303afe9e
+ https://github.com/rust-lang/rust/commit/527934d15cfbcfa2f92c63acd390b935143d2c05
Notes
CVE-2020-36318 created at 12 Apr 2021 09:41:29