CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-28877 – rust: memory safety violation in Zip implementation for nested iter::Zips
https://notcve.org/view.php?id=CVE-2021-28877
11 Apr 2021 — In the standard library in Rust before 1.51.0, the Zip implementation calls __iterator_get_unchecked() for the same index more than once when nested. This bug can lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait. En la biblioteca estándar en Rust versiones anteriores a 1.51.0, la implementación de Zip llama a la función __iterator_get_unchecked() para el mismo índice más de una vez cuando está anidado. Este bug puede conllevar a una violación de seg... • https://github.com/rust-lang/rust/pull/80670 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 1CVE-2021-28879 – rust: integer overflow in the Zip implementation can lead to a buffer overflow
https://notcve.org/view.php?id=CVE-2021-28879
11 Apr 2021 — In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again. En la biblioteca estándar de Rust versiones anteriores a 1.52.0, la implementación de Zip puede reportar un tamaño incorrecto debido a un desbordamiento de enteros. Este bug puede conllevar a un desbordamiento del búfer cuando un iterador Zip consumido es usado nuevamente Rust Toolset provides th... • https://github.com/rust-lang/rust/issues/82282 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2019-1010299
https://notcve.org/view.php?id=CVE-2019-1010299
15 Jul 2019 — The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vec_deque::Iter. The attack vector is: The program needs to invoke debug printing for iterator over an empty VecDeque. The fixed version is: 1.30.0, nightly versions after commit b85e4cc8fadaabd41da5b9645c08c68b8f89908d. • https://github.com/rust-lang/rust/issues/53566 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-908: Use of Uninitialized Resource •
CVSS: 9.8EPSS: 1%CPEs: 8EXPL: 0CVE-2018-1000810 – Gentoo Linux Security Advisory 201812-11
https://notcve.org/view.php?id=CVE-2018-1000810
08 Oct 2018 — The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in standard library that can result in buffer overflow. This attack appear to be exploitable via str::repeat, passed a large number, can overflow an internal buffer. This vulnerability appears to have been fixed in 1.29.1. Rust Programming Language Standard Library en versiones 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126... • https://blog.rust-lang.org/2018/09/21/Security-advisory-for-std.html • CWE-190: Integer Overflow or Wraparound •