Home > Vulnerability Database > CVE-2024-27284

Mend.io Vulnerability Database

CVE-2024-27284

Good to know:

Date: February 28, 2024

cassandra-rs is a Cassandra (CQL) driver for Rust. Code that attempts to use an item (e.g., a row) returned by an iterator after the iterator has advanced to the next item will be accessing freed memory and experience undefined behaviour. The problem has been fixed in version 3.0.0.

Language: RUST

Severity Score

7.5

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-27284

Url: https://github.com/Metaswitch/cassandra-rs

Url: https://github.com/Metaswitch/cassandra-rs/commit/ae054dc8044eac9c2c7ae2b1ab154b53ca7f8df7

Url: https://rustsec.org/advisories/RUSTSEC-2024-0017.html

Url: https://crates.io/crates/cassandra-cpp

Url: https://github.com/Metaswitch/cassandra-rs/security/advisories/GHSA-x9xc-63hg-vcfq

Url: https://www.mend.io/vulnerability-database/CVE-2024-27284

Severity Score

7.5

Weakness Type (CWE)

Use After Free

CWE-416

Top Fix

Upgrade Version

Upgrade to version 3.0.0

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-27284

Good to know:

Date: February 28, 2024

Language: RUST

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?