
CVE-2020-35877: Out of bounds read in Ozone

CVSS Score: 9.8 (CVSS 3.1)

Basic Information

EPSS Score: 0.61972%
Published: 8/25/2021
Updated: 6/13/2023
KEV Status: No
Technology: Rust

Technical Details

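CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|--------------|-----------|---------------------|-----------------------|
| ozone        | rust      | <= 0.1.0            |                       |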

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The RustSec advisory explicitly references two code locations:

  1. src/buffer.rs lines 38-48 show a buffer offset calculation without proper bounds checking
  2. src/map.rs lines 94-101 demonstrate unsafe handling of uninitialized memory during drop

Both patterns directly violate memory safety principles and match the CWE-119 description of improper memory buffer operations. The buffer access in particular aligns with the CVE's specific out-of-bounds read description, while the map drop issue represents a related memory safety violation.


WAF Protection Rules

WAF Rule

An issue was discovered in the ozone crate through version 0.1.0 for Rust. Memory safety is violated because of out-of-bounds access.
