Memory Safety Vulnerability in Rust Standard Library's Zip Implementation
CVE-2021-28876

5.3MEDIUM

Key Information:

Vendor: Rust-lang
Status: Rust
Vendor: CVE Published:; 11 April 2021

Summary

The Rust Standard Library prior to version 1.52.0 contains a vulnerability in its Zip implementation that presents a memory safety issue. Specifically, the implementation calls the __iterator_get_unchecked() function multiple times for the same index when the underlying iterator panics under certain conditions. This behavior violates safety requirements associated with the TrustedRandomAccess trait, potentially leading to memory corruption and other unpredictable behavior in applications that rely on the library for manipulation of zip data.

References

https://github.com/rust-lang/rust/issues/81740

https://github.com/rust-lang/rust/pull/81741

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 11, 2021
Vulnerability Reserved
Mar 19, 2021