CVE-2025-48756

In group_number in the scsir crate 0.2.0 for Rust, there can be an overflow because a hardware device may expect a small number of bits (e.g., 5 bits) for group number.

CVSS v3 2.9 LOW

2.9^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.4 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://crates.io/crates/scsir
https://github.com/maboroshinokiseki/scsir/issues/4

Configurations

No configuration.

History

28 May 2025, 14:58

Type	Values Removed	Values Added
Summary		(es) En group_number en el paquete scsir 0.2.0 para Rust, puede haber un desbordamiento porque un dispositivo de hardware puede esperar una pequeña cantidad de bits (por ejemplo, 5 bits) para el número de grupo.

24 May 2025, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-24 03:15

Updated : 2025-05-28 14:58

NVD link : CVE-2025-48756

Mitre link : CVE-2025-48756

CVE.ORG link : CVE-2025-48756

JSON object : View

Products Affected

No product.

CWE

CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')

2.9 /10