CVE-2024-27284

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-27284
cassandra-rs is a Cassandra (CQL) driver for Rust. Code that attempts to use an item (e.g., a row) returned by an iterator after the iterator has advanced to the next item will be accessing freed memory and experience undefined behaviour. The problem has been fixed in version 3.0.0.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/Metaswitch/cassandra-rs/commit/ae054dc8044eac9c2c7ae2b1ab154b53ca7f8df7
https://github.com/Metaswitch/cassandra-rs/security/advisories/GHSA-x9xc-63hg-vcfq
Configurations

No configuration.

History

No history.

Information

Published : 2024-02-29 01:44

Updated : 2024-02-29 13:49

NVD link : CVE-2024-27284

Mitre link : CVE-2024-27284

CVE.ORG link : CVE-2024-27284

JSON object : View

Products Affected

No product.

CWE
CWE-416

Use After Free