{"id":"RUSTSEC-2018-0008","summary":"Bug in SliceDeque::move_head_unchecked allows read of corrupted memory","details":"Affected versions of this crate did not properly update the\nhead and tail of the deque when inserting and removing elements from the front\nif, before insertion or removal, the tail of the deque was in the mirrored\nmemory region, and if, after insertion or removal, the head of the deque is\nexactly at the beginning of the mirrored memory region.\n\nAn attacker that controls both element insertion and removal into the deque\ncould put it in a corrupted state. Once the deque enters such an state, its head\nand tail are corrupted, but in bounds of the allocated memory. This can result\nin partial reads and writes, reads of uninitialized memory, reads of memory\ncontaining previously dropped objects, etc. An attacker could exploit this to\nalter program execution.\n\nThe flaw was corrected by properly updating the head and tail of the deque in\nthis case.","aliases":["CVE-2018-20995","GHSA-hr3c-6mmp-6m39"],"modified":"2026-02-04T02:55:26.607597Z","published":"2018-12-05T12:00:00Z","related":["RUSTSEC-2019-0002"],"database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/slice-deque"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2018-0008.html"},{"type":"REPORT","url":"https://github.com/gnzlbg/slice_deque/issues/57"}],"affected":[{"package":{"name":"slice-deque","ecosystem":"crates.io","purl":"pkg:cargo/slice-deque"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.1.16"}]}],"ecosystem_specific":{"affects":{"arch":[],"os":[],"functions":[]},"affected_functions":null},"database_specific":{"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2018-0008.json","informational":null,"cvss":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","categories":[]}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}