String Manipulation Vulnerability in Rust Standard Library
CVE-2020-36323
8.2 HIGH
What is CVE-2020-36323?
The Rust standard library in versions prior to 1.52.0 contains an issue in which an optimization related to string joining can expose uninitialized bytes or crash the program. The vulnerability arises when a borrowed string is modified after its length has been assessed, so the size the operation planned for no longer matches the data it then handles, which leads to unsafe memory behavior. Developers should review their usage of string operations within the affected versions to mitigate risks.
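The condition described above can be reproduced in a test harness and guarded against by reading each element only once. The following is an added example, not code from this page or from the Rust project; it assumes the elements are read through the `Borrow<str>` trait, and `Unstable` and `join_borrow_once` are hypothetical names.

```rust
use std::borrow::Borrow;
use std::cell::Cell;

// Constructed test type: its borrowed string differs between calls, which is
// the "modified after its length has been assessed" situation.
struct Unstable {
    calls: Cell<u32>,
}

impl Borrow<str> for Unstable {
    fn borrow(&self) -> &str {
        let n = self.calls.get();
        self.calls.set(n + 1);
        if n == 0 { "ab" } else { "abcdefgh" }
    }
}

// Hypothetical helper: borrow every element exactly once, then compute the
// buffer size and copy the bytes from those same snapshots.
fn join_borrow_once<S: Borrow<str>>(items: &[S], sep: &str) -> String {
    let parts: Vec<&str> = items.iter().map(|s| <S as Borrow<str>>::borrow(s)).collect();
    let total = parts.iter().map(|p| p.len()).sum::<usize>()
        + sep.len() * parts.len().saturating_sub(1);
    let mut out = String::with_capacity(total);
    for (i, p) in parts.iter().enumerate() {
        if i > 0 {
            out.push_str(sep);
        }
        out.push_str(p);
    }
    // Length and content came from the same snapshot, so they must agree.
    assert_eq!(out.len(), total);
    out
}

fn main() {
    let items = [
        Unstable { calls: Cell::new(0) },
        Unstable { calls: Cell::new(0) },
    ];
    println!("{}", join_borrow_once(&items, ", "));
}
```

A type like `Unstable` is useful in unit tests for any code that sizes a buffer from one read of an element and copies from a second read.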