CVE-2019-15552: Use after free in libflate

August 25, 2021

An issue was discovered in the libflate crate before 0.1.25 for Rust. MultiDecoder::read has a use-after-free, leading to arbitrary code execution.

References

github.com/advisories/GHSA-rpcm-whqc-jfw8
github.com/sile/libflate
github.com/sile/libflate/commit/ffeff7c65deac5a6f886db2a59bcae4e420e4706
github.com/sile/libflate/issues/35
github.com/sile/libflate/pull/37
nvd.nist.gov/vuln/detail/CVE-2019-15552
rustsec.org/advisories/RUSTSEC-2019-0010.html

Detect and mitigate CVE-2019-15552 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →