Page 3 of 14 results (0.005 seconds)

CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 1

In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked() more than once for the same index when the underlying iterator panics (in certain conditions). This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait. En la biblioteca estándar de Rust versiones anteriores a 1.52.0, la implementación de Zip presenta un problema de seguridad de pánico. Llama a la función __iterator_get_unchecked() más de una vez para el mismo índice cuando el iterador subyacente entra en pánico (en determinadas condiciones). • https://github.com/rust-lang/rust/issues/81740 https://github.com/rust-lang/rust/pull/81741 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZ337CM4GFJLRDFVQCGC7J25V65JXOG5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFUO3URYCO73D2Q4WYJBWAMJWGGVXQO4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZG65GUW6Z2CYOQHF7T3TB5CZKIX6ZJE https://security.gentoo.org/glsa/202210-09 https://access.redhat • CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

In the standard library in Rust before 1.51.0, the Zip implementation calls __iterator_get_unchecked() for the same index more than once when nested. This bug can lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait. En la biblioteca estándar en Rust versiones anteriores a 1.51.0, la implementación de Zip llama a la función __iterator_get_unchecked() para el mismo índice más de una vez cuando está anidado. Este bug puede conllevar a una violación de seguridad de la memoria debido a un requisito de seguridad no cumplido para el rasgo TrustedRandomAccess • https://github.com/rust-lang/rust/pull/80670 https://security.gentoo.org/glsa/202210-09 https://access.redhat.com/security/cve/CVE-2021-28877 https://bugzilla.redhat.com/show_bug.cgi?id=1949204 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vec_deque::Iter. The attack vector is: The program needs to invoke debug printing for iterator over an empty VecDeque. The fixed version is: 1.30.0, nightly versions after commit b85e4cc8fadaabd41da5b9645c08c68b8f89908d. • https://github.com/rust-lang/rust/issues/53566 https://github.com/rust-lang/rust/pull/53571/commits/b85e4cc8fadaabd41da5b9645c08c68b8f89908d • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-908: Use of Uninitialized Resource •

CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0

The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in standard library that can result in buffer overflow. This attack appear to be exploitable via str::repeat, passed a large number, can overflow an internal buffer. This vulnerability appears to have been fixed in 1.29.1. Rust Programming Language Standard Library en versiones 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1 y 126.0 contiene una vulnerabilidad CWE-680: desbordamiento de enteros a desbordamiento de búfer en la biblioteca estándar que puede resultar en un desbordamiento de búfer. El ataque parece ser explotable mediante str::repeat (al pasar un número grande, puede desbordar un búfer interno). • https://blog.rust-lang.org/2018/09/21/Security-advisory-for-std.html https://groups.google.com/forum/#%21topic/rustlang-security-announcements/CmSuTm-SaU0 https://security.gentoo.org/glsa/201812-11 • CWE-190: Integer Overflow or Wraparound •