Memory Safety Vulnerability in Rust Programming Language Standard Library
CVE-2019-12083

8.1HIGH

Key Information:

Vendor

Rust-lang
Status
Rust
Vendor
CVE Published:
13 May 2019

What is CVE-2019-12083?

The Rust Programming Language Standard Library prior to version 1.34.2 introduces a vulnerability where the stabilization of the 'Error::type_id' method allows overridden implementations to bypass Rust's stringent memory safety checks. This can lead to unsafe type casts, potentially resulting in memory corruption and data breaches. If overridden, this method permits casting any type to any other type without the usual safety guarantees, enabling issues such as out-of-bounds memory access. Code not implementing 'Error::type_id' remains unaffected, but developers should exercise caution with custom implementations to avoid introducing vulnerabilities into their applications.

References

https://groups.google.com/forum/#%21topic/rustlang-securi...
x_refsource_MISC
https://blog.rust-lang.org/2019/05/13/Security-advisory.html
x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.