{"id":"RUSTSEC-2019-0036","summary":"Type confusion if __private_get_type_id__ is overridden","details":"Safe Rust code can implement malfunctioning `__private_get_type_id__` and cause\ntype confusion when downcasting, which is an undefined behavior.\n\nUsers who derive `Fail` trait are not affected.","aliases":["CVE-2019-25010","CVE-2020-25575","GHSA-jq66-xh47-j9f3","GHSA-r98r-j25q-rmpr","RUSTSEC-2020-0036"],"modified":"2023-11-08T04:01:32.420171Z","published":"2019-11-13T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/failure"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2019-0036.html"},{"type":"REPORT","url":"https://github.com/rust-lang-nursery/failure/issues/336"}],"affected":[{"package":{"name":"failure","ecosystem":"crates.io","purl":"pkg:cargo/failure"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"}]}],"ecosystem_specific":{"affects":{"os":[],"arch":[],"functions":["failure::Fail::__private_get_type_id__"]},"affected_functions":null},"database_specific":{"categories":[],"cvss":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2019-0036.json","informational":"unsound"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}