Buffer Overflow Vulnerability in Rust Standard Library
CVE-2018-1000657

7.8HIGH

Key Information:

Vendor

Rust-lang
Status
Rust
Vendor
CVE Published:
20 August 2018

What is CVE-2018-1000657?

The Rust standard library's std::collections::vec_deque::VecDeque::reserve() function is susceptible to a Buffer Overflow vulnerability. This flaw may allow for arbitrary code execution under certain conditions. The issue affects Rust version 1.3.0 and later, and was rectified following a specific commit. However, no proof-of-concept exploit has been published, indicating a potential risk area within applications relying on the affected versions.

References

https://github.com/rust-lang/rust/commit/f71b37bc28326e27...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/105188
vdb-entryx_refsource_BID
https://github.com/rust-lang/rust/issues/44800
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.