Vulnerability Description
An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can add the Send marker trait to an object that cannot be sent between threads safely, leading to memory corruption.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Actix | Actix-Web | < 0.7.15 |
Related Weaknesses (CWE)
References
- https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/actix-web/RUSTThird Party Advisory
- https://rustsec.org/advisories/RUSTSEC-2018-0019.htmlIssue TrackingThird Party Advisory
- https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/actix-web/RUSTThird Party Advisory
- https://rustsec.org/advisories/RUSTSEC-2018-0019.htmlIssue TrackingThird Party Advisory
FAQ
What is CVE-2018-25026?
CVE-2018-25026 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can add the Send marker trait to an object that cannot be sent between threads safely, leading to memory corruption.
How severe is CVE-2018-25026?
CVE-2018-25026 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-25026?
Check the references section above for vendor advisories and patch information. Affected products include: Actix Actix-Web.