Miggo Logo
Miggo Vulnerability Database
CVE-2020-35876

CVE-2020-35876: Use after free in rio

9.8

CVSS Score
3.1

Basic Information

CVE ID
CVE-2020-35876
GHSA ID
GHSA-8rc5-mr4f-m243
EPSS Score
0.65384%
CWE
CWE-416
Published
8/25/2021
Updated
1/9/2023
KEV Status
No
Technology
TechnologyRust

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
riorust<= 0.9.4

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The core vulnerability stems from rio::Completion's reliance on its Drop implementation to synchronize I/O completion. The advisory explicitly states leaking this struct (preventing drop() from running) allows unsafe buffer access. While specific I/O initiation functions (like read()/write()) return Completion objects, the root cause is the Drop implementation's critical safety role being bypassable through leakage. The structured was explicitly called out in advisories and PR discussions about soundness.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*n issu* w*s *is*ov*r** in t** rio *r*t* t*rou** ****-**-** *or Rust. * stru*t **n ** l**k**, *llowin* *tt**k*rs to o*t*in s*nsitiv* in*orm*tion, **us* * us*-**t*r-*r**, or **us* * **t* r***.

Reasoning

T** *or* vuln*r**ility st*ms *rom `rio::*ompl*tion`'s r*li*n** on its `*rop` impl*m*nt*tion to syn**roniz* I/O *ompl*tion. T** **visory *xpli*itly st*t*s l**kin* t*is stru*t (pr*v*ntin* `*rop()` *rom runnin*) *llows uns*** *u***r ****ss. W*il* sp**i*