
CVE-2020-35891: Double free in ordnung

CVSS Score (v3.1): 7.5

Basic Information

EPSS Score: 0.55713%
Published: 8/25/2021
Updated: 6/13/2023
KEV Status: No
Technology: Rust

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Package Name: ordnung
Ecosystem: rust
Vulnerable Versions: <= 0.0.1
First Patched Version: (none listed)

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability description explicitly identifies remove() as the source of double-free issues. The GitHub issue demonstrates that passing an invalid index to remove() triggers a panic after temporary vector allocation, leading to double-free during unwinding. The RustSec advisory specifically calls out remove()'s lack of panic safety. The code references in the issue (lines 139-152 of compact.rs) show unsafe temporary vector handling without proper guard conditions to prevent double-free scenarios.


WAF Protection Rules

WAF Rule

An issue was discovered in the ordnung crate through version 0.0.1 for Rust. compact::Vec violates memory safety via a remove() double free.
