Bug 1148293 - (CVE-2018-20991) VUL-1: CVE-2018-20991: rust-smallvec: The Iterator implementation mishandles destructors, leading to a double free.
Status: NEW
Classification: openSUSE
Product: openSUSE Tumbleweed
Component: Security
Version: Current
Hardware: Other Other
Priority: P4 - Low
Severity: Normal
Assigned To: Sasi Olin
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/241136/
Reported: 2019-08-27 08:37 UTC by Alexandros Toptsoglou
Modified: 2021-04-23 19:24 UTC
Found By: Security Response Team


Description Alexandros Toptsoglou 2019-08-27 08:37:40 UTC
CVE-2018-20991

An issue was discovered in the smallvec crate before 0.6.3 for Rust. The
Iterator implementation mishandles destructors, leading to a double free.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20991
https://rustsec.org/advisories/RUSTSEC-2018-0003.html
Comment 1 Federico Mena Quintero 2021-04-22 17:21:46 UTC
https://build.suse.de/request/show/240046 is for librsvg-2.42.9 in SLE-15
Comment 2 Swamp Workflow Management 2021-04-23 19:24:22 UTC
SUSE-SU-2021:1310-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 1148293,1181571
CVE References: CVE-2018-20991
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (src):    librsvg-2.42.9-3.6.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (src):    librsvg-2.42.9-3.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.