Integer Overflow to Buffer Overflow in Rust Standard Library Affects Multiple Versions
CVE-2018-1000810

9.8CRITICAL

Key Information:

Vendor

Rust-lang
Status
Rust
Vendor
CVE Published:
8 October 2018

What is CVE-2018-1000810?

The Rust Programming Language Standard Library versions 1.29.0, 1.28.0, and earlier versions contain a vulnerability where an integer overflow can lead to a buffer overflow. This issue can be triggered through calls to the str::repeat function with a large argument, which may overflow an internal buffer. This vulnerability has been addressed in version 1.29.1, mitigating the risk posed by this flaw.

References

https://security.gentoo.org/glsa/201812-11
vendor-advisoryx_refsource_GENTOO
https://blog.rust-lang.org/2018/09/21/Security-advisory-f...
x_refsource_CONFIRM
https://groups.google.com/forum/#%21topic/rustlang-securi...
x_refsource_CONFIRM

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.