Miggo Logo
Miggo Vulnerability Database
CVE-2020-35900

CVE-2020-35900:
use-after-free vulnerability in Rust array-queue

5.5

CVSS Score
3.1

Basic Information

CVE ID
CVE-2020-35900
GHSA ID
GHSA-75cq-g75g-rxff
EPSS Score
0.19468%
CWE
CWE-416
Published
8/25/2021
Updated
1/9/2023
KEV Status
No
Technology
TechnologyRust

Technical Details

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
array-queuerust>= 0.3.0, <= 0.3.3

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from line 98 in array_queue.rs where pop_back uses raw length-based indexing instead of the crate's index() method that handles circular buffer wrapping. Multiple advisories and the PoC demonstrate this leads to accessing invalid memory locations after elements are removed from both ends, creating use-after-free conditions. The unpatched versions' lack of proper index calculation confirms this as the root cause.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*n issu* w*s *is*ov*r** in t** *rr*y-qu*u* *r*t* t*rou** ****-**-** *or Rust. * pop_***k() **ll m*y l*** to * us*-**t*r-*r**.

Reasoning

T** vuln*r**ility st*ms *rom lin* ** in *rr*y_qu*u*.rs w**r* pop_***k us*s r*w l*n*t*-**s** in**xin* inst*** o* t** *r*t*'s in**x() m*t*o* t**t **n*l*s *ir*ul*r *u***r wr*ppin*. Multipl* **visori*s *n* t** Po* **monstr*t* t*is l***s to ****ssin* inv*