Candidate: CVE-2020-35861
PublicDate: 2020-12-31 10:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35861
 https://rustsec.org/advisories/RUSTSEC-2020-0006.html
 https://github.com/fitzgen/bumpalo/issues/69
Description:
 An issue was discovered in the bumpalo crate before 3.2.1 for Rust. The
 realloc feature allows the reading of unknown memory. Attackers can
 potentially read cryptographic keys.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=955151
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]


Patches_rust-bumpalo:
upstream_rust-bumpalo: released (3.2.1-1)
precise/esm_rust-bumpalo: DNE
trusty_rust-bumpalo: ignored (out of standard support)
trusty/esm_rust-bumpalo: DNE
xenial_rust-bumpalo: DNE
bionic_rust-bumpalo: DNE
focal_rust-bumpalo: needs-triage
groovy_rust-bumpalo: not-affected (3.4.0-1)
hirsute_rust-bumpalo: not-affected
impish_rust-bumpalo: not-affected
jammy_rust-bumpalo: not-affected
devel_rust-bumpalo: not-affected