CVE-2021-28036

HIGH

quinn < 0.5.4 - Memory Corruption via SocketAddr Data Structure Cast

Title source: llm

Description

An issue was discovered in the quinn crate before 0.7.0 for Rust. It may perform invalid memory access with certain versions of the standard library because it relies on a direct cast of the std::net::SocketAddrV4 and std::net::SocketAddrV6 data structures.

References (1)

Core References
Patch, Third Party Advisory x_refsource_misc
https://rustsec.org/advisories/RUSTSEC-2021-0035.html

Scores

CVSS v3 7.5
EPSS 0.0125
EPSS Percentile 65.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-119
Status published
Products (2)
crates.io/quinn 0 - 0.5.4 (crates.io)
quinn_project/quinn < 0.5.4
Published Mar 05, 2021
Tracked Since Feb 18, 2026