Vulnerability Description
An issue was discovered in the failure crate through 0.1.5 for Rust. It may introduce "compatibility hazards" in some applications, and has a type confusion flaw when downcasting. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: This may overlap CVE-2019-25010.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Failure Project | Failure | <= 0.1.8 |
Related Weaknesses (CWE)
References
- https://boats.gitlab.io/blog/post/failure-to-fehler/ (Exploit, Third Party Advisory)
- https://github.com/rust-lang-nursery/failure/issues/336 (Patch, Third Party Advisory)
- https://rustsec.org/advisories/RUSTSEC-2020-0036.html (Vendor Advisory)
FAQ
What is CVE-2020-25575?
CVE-2020-25575 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in the failure crate through 0.1.5 for Rust. It may introduce "compatibility hazards" in some applications, and has a type confusion flaw when downcasting. NOTE: This vulnerabi...
How severe is CVE-2020-25575?
CVE-2020-25575 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-25575?
Check the references section above for vendor advisories and patch information. Affected products include: Failure Project Failure.