VDB
CVE-2020-35711
CVE-2020-35711
PUBLISHED
An issue has been discovered in the arc-swap crate before 0.4.8 (and 1.x before 1.1.0) for Rust. Use of arc_swap::access::Map with the Constant test helper (or with a user-supplied implementation of the Access trait) could sometimes lead to dangling references being returned by the map.
EPSS 0.33% · 56.0th percentile
Risk Scores
EPSS Score
0.33%
56.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:20.04:LTS | rust-arc-swap | 0, 0.4.3-1, 0.4.4-1 |
| Ubuntu:24.04:LTS | rust-arc-swap | 0, 1.6.0-1, 1.6.0-2 |
| Ubuntu:22.04:LTS | rust-arc-swap | 0.4.8-2, 0.4.8-3, 0 |
| Ubuntu:25.10 | rust-arc-swap | 0, 1.7.1-1 |
Exploit Intelligence
Timeline
- Dec 10, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-35711 third-party-advisory
- https://github.com/vorner/arc-swap/issues/45 third-party-advisory
- https://rustsec.org/advisories/RUSTSEC-2020-0091.html third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-35711 third-party-advisory