CVE-2019-15554

CRITICAL

smallvec 0.6.3-0.6.9 - Out-of-bounds Write

Title source: llm
STIX 2.1

Description

An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is memory corruption for certain grow attempts with less than the current capacity.

References (2)

Core 2
Core References
Third Party Advisory x_refsource_misc
https://rustsec.org/advisories/RUSTSEC-2019-0012.html
Patch, Third Party Advisory x_refsource_misc
https://github.com/servo/rust-smallvec/issues/149

Scores

CVSS v3 9.8
EPSS 0.0214
EPSS Percentile 79.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (2)
crates.io/smallvec 0.6.3 - 0.6.10crates.io
servo/smallvec 0.6.3 - 0.6.10
Published Aug 26, 2019
Tracked Since Feb 18, 2026