CVE-2020-36215

HIGH

Hashconsing < 1.1.0 - Out-of-Bounds Write

Title source: rule

Description

An issue was discovered in the hashconsing crate before 1.1.0 for Rust. Because HConsed does not have bounds on its Send trait or Sync trait, memory corruption can occur.

References (1)

[Exploit, Vendor Advisory] https://rustsec.org/advisories/RUSTSEC-2020-0107.html

Scores

CVSS v3 7.5

EPSS 0.0039

EPSS Percentile 60.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-662 CWE-787

Status published

Products (2)

crates.io/hashconsing 0 - 1.1.0crates.io

hashconsing_project/hashconsing < 1.1.0

Published Jan 26, 2021

Tracked Since Feb 18, 2026