CVE-2020-35861: Out of bounds read in bumpalo

August 25, 2021

An issue was discovered in the bumpalo crate before 3.2.1 for Rust. The realloc feature allows the reading of unknown memory. Attackers can potentially read cryptographic keys.

References

github.com/advisories/GHSA-vqx7-pw4r-29rr
github.com/fitzgen/bumpalo
github.com/fitzgen/bumpalo/issues/69
nvd.nist.gov/vuln/detail/CVE-2020-35861
rustsec.org/advisories/RUSTSEC-2020-0006.html

Detect and mitigate CVE-2020-35861 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →