CVE-2024-27284

cassandra-rs is a Cassandra (CQL) driver for Rust. Code that attempts to use an item (e.g., a row) returned by an iterator after the iterator has advanced to the next item will be accessing freed memory and experience undefined behaviour. The problem has been fixed in version 3.0.0.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/Metaswitch/cassandra-rs/commit/ae054dc8044eac9c2c7ae2b1ab154b53ca7f8df7	Patch
https://github.com/Metaswitch/cassandra-rs/security/advisories/GHSA-x9xc-63hg-vcfq	Vendor Advisory
https://github.com/Metaswitch/cassandra-rs/commit/ae054dc8044eac9c2c7ae2b1ab154b53ca7f8df7	Patch
https://github.com/Metaswitch/cassandra-rs/security/advisories/GHSA-x9xc-63hg-vcfq	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:cassandra-rs_project:cassandra-rs:*:*:*:*:*:rust:*:*

History

01 Apr 2025, 15:20

Type	Values Removed	Values Added
References	~~() https://github.com/Metaswitch/cassandra-rs/commit/ae054dc8044eac9c2c7ae2b1ab154b53ca7f8df7 -~~	() https://github.com/Metaswitch/cassandra-rs/commit/ae054dc8044eac9c2c7ae2b1ab154b53ca7f8df7 - Patch
References	~~() https://github.com/Metaswitch/cassandra-rs/security/advisories/GHSA-x9xc-63hg-vcfq -~~	() https://github.com/Metaswitch/cassandra-rs/security/advisories/GHSA-x9xc-63hg-vcfq - Vendor Advisory
First Time		Cassandra-rs Project Cassandra-rs Project cassandra-rs
CPE		cpe:2.3:a:cassandra-rs_project:cassandra-rs::::::rust::*

Information

Published : 2024-02-29 01:44

Updated : 2025-04-01 15:20

NVD link : CVE-2024-27284

Mitre link : CVE-2024-27284

CVE.ORG link : CVE-2024-27284

JSON object : View

Products Affected

cassandra-rs_project

cassandra-rs

CWE

CWE-416

Use After Free

{"id": "CVE-2024-27284", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-02-29T01:44:19.853", "references": [{"url": "https://github.com/Metaswitch/cassandra-rs/commit/ae054dc8044eac9c2c7ae2b1ab154b53ca7f8df7", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/Metaswitch/cassandra-rs/security/advisories/GHSA-x9xc-63hg-vcfq", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/Metaswitch/cassandra-rs/commit/ae054dc8044eac9c2c7ae2b1ab154b53ca7f8df7", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/Metaswitch/cassandra-rs/security/advisories/GHSA-x9xc-63hg-vcfq", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-416"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "cassandra-rs is a Cassandra (CQL) driver for Rust. Code that attempts to use an item (e.g., a row) returned by an iterator after the iterator has advanced to the next item will be accessing freed memory and experience undefined behaviour. The problem has been fixed in version 3.0.0.\n"}, {"lang": "es", "value": "cassandra-rs es un controlador Cassandra (CQL) para Rust. El c\u00f3digo que intenta utilizar un elemento (por ejemplo, una fila) devuelto por un iterador despu\u00e9s de que el iterador haya avanzado al siguiente elemento acceder\u00e1 a la memoria liberada y experimentar\u00e1 un comportamiento indefinido. El problema se solucion\u00f3 en la versi\u00f3n 3.0.0."}], "lastModified": "2025-04-01T15:20:58.753", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cassandra-rs_project:cassandra-rs:*:*:*:*:*:rust:*:*", "vulnerable": true, "matchCriteriaId": "76B92E46-26FB-4C46-968E-C0E4CD86CF02", "versionEndExcluding": "3.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}