{"id":"CVE-2024-27284","summary":"cassandra-rs non-idiomatic use of iterators leads to use after free","details":"cassandra-rs is a Cassandra (CQL) driver for Rust. Code that attempts to use an item (e.g., a row) returned by an iterator after the iterator has advanced to the next item will be accessing freed memory and experience undefined behaviour.  The problem has been fixed in version 3.0.0.\n","aliases":["GHSA-x9xc-63hg-vcfq","RUSTSEC-2024-0017"],"modified":"2026-04-10T05:12:07.541057Z","published":"2024-02-28T15:46:37.388Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/27xxx/CVE-2024-27284.json","cna_assigner":"GitHub_M","cwe_ids":["CWE-416"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/27xxx/CVE-2024-27284.json"},{"type":"ADVISORY","url":"https://github.com/Metaswitch/cassandra-rs/security/advisories/GHSA-x9xc-63hg-vcfq"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27284"},{"type":"FIX","url":"https://github.com/Metaswitch/cassandra-rs/commit/ae054dc8044eac9c2c7ae2b1ab154b53ca7f8df7"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cassandra-rs/cassandra-rs","events":[{"introduced":"0"},{"fixed":"ae054dc8044eac9c2c7ae2b1ab154b53ca7f8df7"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.0.0"}]}}],"versions":["0.10.0","0.10.1","0.10.2","0.11.0","0.12.0","0.13.0","0.13.1","0.13.2","0.14.0","0.14.1","0.15.0","0.15.1","0.16.0","0.17.0","0.17.1","0.17.2","0.6.0","0.6.1","0.6.10","0.6.2","0.6.3","0.6.4","0.6.5","0.6.6","0.6.7","0.8.0","0.8.1","0.8.2","1.0.0","1.1.0","1.2.0","2.0.0","2.0.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-27284.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/metaswitch/cassandra-rs","events":[{"introduced":"0"},{"fixed":"ae054dc8044eac9c2c7ae2b1ab154b53ca7f8df7"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.0.0"}]}}],"versions":["0.10.0","0.10.1","0.10.2","0.11.0","0.12.0","0.13.0","0.13.1","0.13.2","0.14.0","0.14.1","0.15.0","0.15.1","0.16.0","0.17.0","0.17.1","0.17.2","0.6.0","0.6.1","0.6.10","0.6.2","0.6.3","0.6.4","0.6.5","0.6.6","0.6.7","0.8.0","0.8.1","0.8.2","1.0.0","1.1.0","1.2.0","2.0.0","2.0.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-27284.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}