CVE-2020-35861

HIGH

bumpalo 3.0.0-3.2.0 - Out-of-bounds Read via Realloc Feature

Title source: llm

Description

An issue was discovered in the bumpalo crate before 3.2.1 for Rust. The realloc feature allows the reading of unknown memory. Attackers can potentially read cryptographic keys.

References (1)

Core References
Exploit, Patch, Third Party Advisory x_refsource_misc
https://rustsec.org/advisories/RUSTSEC-2020-0006.html

Scores

CVSS v3 7.5
EPSS 0.0149
EPSS Percentile 71.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-125
Status published
Products (2)
bumpalo_project/bumpalo 3.0.0 - 3.2.1
crates.io/bumpalo 3.0.0 - 3.2.1
Published Dec 31, 2020
Tracked Since Feb 18, 2026