CVE-2020-35906: futures_task::waker may cause a use-after-free if used on a type that isn't 'static

CVSS Score (CVSS 3.1)
7.8

Basic Information

EPSS Score
0.34029%
Published
5/24/2022
Updated
6/13/2023
KEV Status
No
Technology
Rust

Technical Details

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Package Name
futures-task
Ecosystem
rust
Vulnerable Versions
>= 0.2.1, < 0.3.6
First Patched Version
0.3.6

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stems from the waker function's missing 'static bound on its generic type parameter. Multiple sources confirm this:
1) The RustSec advisory explicitly lists futures_task::waker as the affected function.
2) GitHub PR #2206 shows the fix adding the 'static bound to the function signature.
3) The CVE description demonstrates how non-'static data leads to a use-after-free through this function.
The function's role in creating wakers from potentially short-lived data makes it the clear entry point for the vulnerability.
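To make the root cause concrete, the following is an added, simplified model of how an Arc-based waker is built on top of std's RawWakerVTable, written for this page and not taken from Miggo or from the futures-rs project. The ArcWake trait, the Counter type and the demo function are constructed for the example and differ from the real crate's API. The point it shows: std::task::Waker carries no lifetime, and the vtable erases W's type entirely, so nothing after the call can prevent the Waker from outliving data borrowed by W. The only place that can enforce it is the generic bound on the waker function, which is exactly what the fix added.

```rust
use std::mem::ManuallyDrop;
use std::sync::atomic::{AtomicUsize, Ordering};
use std::sync::Arc;
use std::task::{RawWaker, RawWakerVTable, Waker};

/// Simplified stand-in for the crate's ArcWake trait (an assumption for this example).
pub trait ArcWake: Send + Sync {
    fn wake_by_ref(arc_self: &Arc<Self>);
    fn wake(self: Arc<Self>) {
        Self::wake_by_ref(&self)
    }
}

/// Type-erased vtable for W. Neither the vtable nor the Waker records W's
/// lifetime, which is why W must be 'static at the point the Waker is created.
fn waker_vtable<W: ArcWake>() -> &'static RawWakerVTable {
    &RawWakerVTable::new(
        clone_arc_raw::<W>,
        wake_arc_raw::<W>,
        wake_by_ref_arc_raw::<W>,
        drop_arc_raw::<W>,
    )
}

/// Hardened signature: `W: 'static` is the bound the fix added. Without it, a
/// `struct Borrowed<'a>(&'a AtomicUsize)` would be accepted here, the returned
/// Waker could outlive the borrowed value, and waking would touch freed memory.
/// With it, passing such a W is rejected at compile time.
pub fn waker<W: ArcWake + 'static>(wake: Arc<W>) -> Waker {
    let ptr = Arc::into_raw(wake).cast::<()>();
    // SAFETY: ptr came from Arc::into_raw::<W>, and every vtable function below
    // reconstructs exactly one Arc<W> from it with matching ownership semantics.
    unsafe { Waker::from_raw(RawWaker::new(ptr, waker_vtable::<W>())) }
}

unsafe fn clone_arc_raw<T: ArcWake>(data: *const ()) -> RawWaker {
    // Bump the strong count without dropping the reference we were handed.
    let arc = ManuallyDrop::new(Arc::<T>::from_raw(data.cast::<T>()));
    let _cloned: ManuallyDrop<Arc<T>> = arc.clone();
    RawWaker::new(data, waker_vtable::<T>())
}

unsafe fn wake_arc_raw<T: ArcWake>(data: *const ()) {
    // Waker::wake consumes the Waker, so this takes ownership of one Arc reference.
    let arc: Arc<T> = Arc::from_raw(data.cast::<T>());
    T::wake(arc);
}

unsafe fn wake_by_ref_arc_raw<T: ArcWake>(data: *const ()) {
    let arc = ManuallyDrop::new(Arc::<T>::from_raw(data.cast::<T>()));
    T::wake_by_ref(&arc);
}

unsafe fn drop_arc_raw<T: ArcWake>(data: *const ()) {
    drop(Arc::<T>::from_raw(data.cast::<T>()));
}

/// Constructed sample wakeable: it owns its state, so it is 'static and accepted by `waker`.
#[derive(Default)]
pub struct Counter {
    pub wakes: AtomicUsize,
}

impl ArcWake for Counter {
    fn wake_by_ref(arc_self: &Arc<Self>) {
        arc_self.wakes.fetch_add(1, Ordering::SeqCst);
    }
}

/// Exercises clone, wake_by_ref, wake and drop through the vtable and returns
/// (number of wakes observed, strong references left on the Arc afterwards).
pub fn demo() -> (usize, usize) {
    let counter = Arc::new(Counter::default());
    let w = waker(counter.clone());
    w.wake_by_ref();
    let w2 = w.clone();
    drop(w);
    w2.wake();
    (counter.wakes.load(Ordering::SeqCst), Arc::strong_count(&counter))
}

fn main() {
    let (wakes, strong) = demo();
    println!("wakes = {wakes}, strong refs left = {strong}");
}
```

The refcount returned by demo going back to 1 is the invariant the vtable must preserve; the 'static bound is what makes that bookkeeping sufficient, since an Arc keeps its contents alive but cannot keep alive anything its contents merely borrow.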

WAF Protection Rules

WAF Rule

Affected versions of the crate did not properly implement a 'static lifetime bound on the waker function. This resulted in a use-after-free if Waker::wake() is called after original data had been dropped. The flaw was corrected by adding 'static li