7.5

CVSS Score

Basic Information

CVE ID

CVE-2019-16882

GHSA ID

GHSA-49fq-pw77-6qxj

EPSS Score

CWE

CWE-416

Published

8/25/2021

Updated

6/13/2023

KEV Status

Technology

Rust

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2019-16882

CVE-2019-16882:
Use after free in string-interner

Affected versions of this crate did not clone contained strings when an interner is cloned. Interners have raw pointers to the contained strings, and they keep pointing the strings which the old interner owns, after the interner is cloned. If a new cloned interner is alive and the old original interner is dead, the new interner has dangling pointers to the old interner's storage, which is already dropped.

This allows an attacker to read the already freed memory. The dangling pointers are used by the interners to check a string is already interned. An attacker can do brute force attack to get the data pointed by the dangling pointer.

(GitHub Advisory)

7.5

CVSS Score

Basic Information

CVE ID

CVE-2019-16882

GHSA ID

GHSA-49fq-pw77-6qxj

EPSS Score

CWE

CWE-416

Published

8/25/2021

Updated

6/13/2023

KEV Status

Technology

Rust

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
string-interner	rust	>= 0.7.0, < 0.7.1	0.7.1
string-interner	rust	< 0.6.4	0.6.4

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from using #[derive(Clone)] which created a shallow copy of the internal HashMap containing raw pointers (InternalStrRef). These pointers referenced the original interner's Box<str> allocations. When the original interner was dropped, cloned interners' pointers became invalid. The fix involved manually implementing Clone to rebuild the HashMap with fresh pointers pointing to newly cloned string allocations, proving the derived implementation was unsafe. The commit explicitly removes the derive macro and adds a safe manual implementation, confirming the root cause.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*****t** v*rsions o* t*is *r*t* *i* not *lon* *ont*in** strin*s w**n *n int*rn*r is *lon**. Int*rn*rs **v* r*w point*rs to t** *ont*in** strin*s, *n* t**y k**p pointin* t** strin*s w*i** t** ol* int*rn*r owns, **t*r t** int*rn*r is *lon**. I* * n*w *

Reasoning

T** vuln*r**ility st*mm** *rom usin* #[**riv*(*lon*)] w*i** *r**t** * s**llow *opy o* t** int*rn*l **s*M*p *ont*inin* r*w point*rs (Int*rn*lStrR**). T**s* point*rs r***r*n*** t** ori*in*l int*rn*r's *ox<str> *llo**tions. W**n t** ori*in*l int*rn*r w*

7.5

Basic Information

Concerned about an active attack path?

CVE-2019-16882: Use after free in string-interner

7.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2019-16882:
Use after free in string-interner

Vulnerability Intelligence
Miggo AI