CVE-2019-12083
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate Rust's safety guarantees and cause memory unsafety. If the `Error::type_id` method is overridden then any type can be safely cast to any other type, causing memory safety vulnerabilities in safe code (e.g., out-of-bounds write or read). Code that does not manually implement Error::type_id is unaffected.
Rust Programming Language Standard Library, versiones 1.34.x anteriores a 1.34.2, contiene un método estabilizado que, si se anula, puede ignorar las garantías de seguridad de Rust y causar inseguridades en la memoria. Si el método `Error::type_id` es anulado, entonces cualquier tipo puede ser lanzado con seguridad a cualquier otro tipo, causando vulnerabilidades de seguridad de memoria en código seguro (por ejemplo, escritura o lectura fuera de límites). El código que no implementa manualmente Error::type_id no se ve afectado.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-05-13 CVE Reserved
- 2019-05-13 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-11-12 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-125: Out-of-bounds Read
- CWE-787: Out-of-bounds Write
CAPEC
References (7)
URL | Tag | Source |
---|---|---|
https://groups.google.com/forum/#%21topic/rustlang-security-announcements/aZabeCMUv70 | X_refsource_misc |
URL | Date | SRC |
---|---|---|
https://blog.rust-lang.org/2019/05/13/Security-advisory.html | 2024-08-04 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Rust-lang Search vendor "Rust-lang" | Rust Search vendor "Rust-lang" for product "Rust" | >= 1.34.0 < 1.34.2 Search vendor "Rust-lang" for product "Rust" and version " >= 1.34.0 < 1.34.2" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 29 Search vendor "Fedoraproject" for product "Fedora" and version "29" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 30 Search vendor "Fedoraproject" for product "Fedora" and version "30" | - |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Affected
|