CNVD-2019-29437

Vulnerability from cnvd - Published: 2019-08-30
VLAI Severity ?
Title
memoffset crate for Rust信息泄露漏洞
Description
memoffset crate for Rust是一款基于Rust的、用于计算结构构件及其跨度的偏移量的软件包。 memoffset crate for Rust 0.5.0之前版本中存在信息泄露漏洞,未授权的攻击者可利用漏洞获取受影响组件敏感信息。
Severity
Patch Name
memoffset crate for Rust信息泄露漏洞的补丁
Patch Description
memoffset crate for Rust是一款基于Rust的、用于计算结构构件及其跨度的偏移量的软件包。 memoffset crate for Rust 0.5.0之前版本中存在信息泄露漏洞,未授权的攻击者可利用漏洞获取受影响组件敏感信息。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

厂商已发布了漏洞修复程序,请及时关注更新: https://github.com/Gilnaa/memoffset/issues/9#issuecomment-505461490

Reference
https://github.com/Gilnaa/memoffset/issues/9#issuecomment-505461490 https://rustsec.org/advisories/RUSTSEC-2019-0011.html
Impacted products
Name
memoffset memoffset crate for Rust <0.5.0
Show details on source website
To clipboard Create KEV Entry 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-15553"
    }
  },
  "description": "memoffset crate for Rust\u662f\u4e00\u6b3e\u57fa\u4e8eRust\u7684\u3001\u7528\u4e8e\u8ba1\u7b97\u7ed3\u6784\u6784\u4ef6\u53ca\u5176\u8de8\u5ea6\u7684\u504f\u79fb\u91cf\u7684\u8f6f\u4ef6\u5305\u3002\n\nmemoffset crate for Rust 0.5.0\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u672a\u6388\u6743\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u53d7\u5f71\u54cd\u7ec4\u4ef6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "unknown",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/Gilnaa/memoffset/issues/9#issuecomment-505461490",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-29437",
  "openTime": "2019-08-30",
  "patchDescription": "memoffset crate for Rust\u662f\u4e00\u6b3e\u57fa\u4e8eRust\u7684\u3001\u7528\u4e8e\u8ba1\u7b97\u7ed3\u6784\u6784\u4ef6\u53ca\u5176\u8de8\u5ea6\u7684\u504f\u79fb\u91cf\u7684\u8f6f\u4ef6\u5305\u3002\r\n\r\nmemoffset crate for Rust 0.5.0\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u672a\u6388\u6743\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u53d7\u5f71\u54cd\u7ec4\u4ef6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "memoffset crate for Rust\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "memoffset memoffset crate for Rust \u003c0.5.0"
  },
  "referenceLink": "https://github.com/Gilnaa/memoffset/issues/9#issuecomment-505461490\r\nhttps://rustsec.org/advisories/RUSTSEC-2019-0011.html",
  "serverity": "\u4e2d",
  "submitTime": "2019-08-28",
  "title": "memoffset crate for Rust\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.