VDB
CVE-2022-36086
CVE-2022-36086
PUBLISHED
CVSS 8.399999618530273 HIGH
linked_list_allocator vulnerable to out-of-bound writes on `Heap` initialization and `Heap::extend`
EPSS 0.30% · 53.4th percentile
Risk Scores
CVSS 3.1
8.399999618530273
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.30%
53.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| rust-osdev | linked-list-allocator | < 0.10.2, 0 |
| crates.io | linked_list_allocator | 0 |
Exploit Intelligence
Timeline
- Sep 7, 2022 CVE Published
- Sep 8, 2022 EPSS Score
- Oct 23, 2022 EPSS Score
- Dec 7, 2022 EPSS Score
- Jan 22, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 8, 2023 EPSS Score
- Apr 22, 2023 EPSS Score
- Jun 6, 2023 EPSS Score
- Jul 21, 2023 EPSS Score
- Sep 4, 2023 EPSS Score
- Oct 20, 2023 EPSS Score
References
- https://github.com/rust-osdev/linked-list-allocator/security/advisories/GHSA-xg8p-34w2-j49j url
- https://github.com/rust-osdev/linked-list-allocator/commit/013b0758643943e8df5b17bbb495460ff47e8bbf url
- https://nvd.nist.gov/vuln/detail/CVE-2022-36086 advisory
- https://github.com/advisories/GHSA-xg8p-34w2-j49j advisory
- https://github.com/rust-osdev/linked-list-allocator package
- https://rustsec.org/advisories/RUSTSEC-2022-0063.html url