CVE-2020-25016

CRITICAL

rgb-rust < 0.8.20 - Memory Safety Violation via Struct Byte Manipulation

Title source: llm

Description

A safety violation was discovered in the rgb crate before 0.8.20 for Rust, leading to (for example) dereferencing of arbitrary pointers or disclosure of uninitialized memory. This occurs because structs can be treated as bytes for read and write operations.

References (2)

Core 2

Core References

Vendor Advisory x_refsource_misc

https://rustsec.org/advisories/RUSTSEC-2020-0029.html

Exploit, Third Party Advisory x_refsource_misc

https://github.com/kornelski/rust-rgb/issues/35

Scores

CVSS v3 9.1

EPSS 0.0159

EPSS Percentile 72.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE

CWE-119 CWE-843

Status published

Products (2)

crates.io/rgb 0.5.4 - 0.8.20crates.io

rgb-rust_project/rgb-rust < 0.8.20

Published Aug 29, 2020

Tracked Since Feb 18, 2026