CVE-2020-35876: Use after free in rio
9.8
CVSS Score
3.1
Basic Information
CVE ID
GHSA ID
EPSS Score
0.65384%
CWE
Published
8/25/2021
Updated
1/9/2023
KEV Status
No
Technology
Rust
Technical Details
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
rio | rust | <= 0.9.4 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The core vulnerability stems from rio::Completion
's reliance on its Drop
implementation to synchronize I/O completion. The advisory explicitly states leaking this struct (preventing drop()
from running) allows unsafe buffer access. While specific I/O initiation functions (like read()
/write()
) return Completion
objects, the root cause is the Drop
implementation's critical safety role being bypassable through leakage. The structured was explicitly called out in advisories and PR discussions about soundness.