Memory Safety Vulnerability in Rust Library Affecting String Handling
CVE-2020-36317

7.5HIGH

Key Information:

Vendor: Rust-lang
Status: Rust
Vendor: CVE Published:; 11 April 2021

What is CVE-2020-36317?

The standard library in Rust prior to version 1.49.0 contains a memory safety issue in the String::retain() function, which can be triggered when the provided closure panics. This flaw may lead to the creation of a non-UTF-8 encoded string, raising concerns when other string APIs operate under the assumption of UTF-8 encoding. The potential ramifications of this vulnerability include memory safety violations, which can compromise the integrity of data handling in Rust applications.

References

https://github.com/rust-lang/rust/issues/78498

x_refsource_MISC

https://github.com/rust-lang/rust/pull/78499

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 11, 2021
Vulnerability Reserved
Apr 11, 2021

Rust-lang

What is CVE-2020-36317?

References

CVSS V3.1

Timeline