Buffer Overflow Vulnerability in Rust Standard Library
CVE-2021-28875

7.5HIGH

Key Information:

Vendor: Rust-lang
Status: Rust
Vendor: CVE Published:; 11 April 2021

What is CVE-2021-28875?

In the Rust programming language, prior to version 1.50.0, a vulnerability exists in the standard library's read_to_end() function. This function fails to properly validate return values from the Read trait in potentially unsafe contexts, which may allow for a buffer overflow. Exploitation of this vulnerability can lead to unpredictable behavior, including injection of malicious code into memory. Developers using affected versions of Rust are advised to update to ensure the integrity and security of their applications.

References

https://github.com/rust-lang/rust/issues/80894

https://github.com/rust-lang/rust/pull/80895

https://security.gentoo.org/glsa/202210-09

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 11, 2021
Vulnerability Reserved
Mar 19, 2021

Rust-lang

What is CVE-2021-28875?

References

CVSS V3.1

Timeline