Miggo Logo
Miggo Vulnerability Database
CVE-2020-35874

CVE-2020-35874: Use after free in internment

8.1

CVSS Score
3.1

Basic Information

CVE ID
CVE-2020-35874
GHSA ID
GHSA-96w3-p368-4h8c
EPSS Score
0.59546%
CWE
CWE-362
Published
8/25/2021
Updated
6/13/2023
KEV Status
No
Technology
TechnologyRust

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
internmentrust>= 0.3.12, < 0.4.00.4.0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability directly references ArcIntern::drop in both the CVE description and GitHub advisory. The associated GitHub issue #11 explicitly points to the unsafe reference count decrement operation in this function as the race condition source. The fix involved adding proper synchronization during deallocation, confirming this was the vulnerable code path. The file path is derived from the code snippet shown in the GitHub issue discussion.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*r*Int*rn::*rop **s * r*** *on*ition w**r* it **n r*l**s* m*mory w*i** is **out to **t *not**r us*r. T** n*w us*r will **t * r***r*n** to *r*** m*mory. T*is w*s *ix** *y s*ri*lizin* ****ss to *n int*rn** o*j**t w*il* it is **in* ***llo**t**. V*rsio

Reasoning

T** vuln*r**ility *ir**tly r***r*n**s `*r*Int*rn::*rop` in *ot* t** *V* **s*ription *n* *it*u* **visory. T** *sso*i*t** *it*u* issu* #** *xpli*itly points to t** uns*** r***r*n** *ount ***r*m*nt op*r*tion in t*is *un*tion *s t** r*** *on*ition sour**