CVE-2020-36205: Memory handling issues in xcb

August 25, 2021 (updated February 13, 2023)

An issue was discovered in the xcb crate through 2020-12-10 for Rust. base::Error does not have soundness. Because of the public ptr field, a use-after-free or double-free can occur.

References

github.com/advisories/GHSA-c8hq-x4mm-p6q6
github.com/rtbo/rust-xcb
github.com/rtbo/rust-xcb/issues/93
github.com/rust-x-bindings/rust-xcb/issues/93
nvd.nist.gov/vuln/detail/CVE-2020-36205
rustsec.org/advisories/RUSTSEC-2020-0097.html

Code Behaviors & Features

Detect and mitigate CVE-2020-36205 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →