Memory Safety Violation in Rust Zip Implementation by Rust Language
CVE-2021-28877

7.5HIGH

Key Information:

Vendor
Rust-lang
Status
Rust
Vendor
CVE Published:
11 April 2021

Summary

The implementation of the Zip functionality in the Rust standard library prior to version 1.51.0 contains a flaw where the __iterator_get_unchecked() method can be invoked multiple times for the same index during nested operations. This repetition can compromise memory safety, as it bypasses a critical safety requirement associated with the TrustedRandomAccess trait, leading to potential security risks.

References

https://github.com/rust-lang/rust/pull/80670
https://security.gentoo.org/glsa/202210-09
vendor-advisory

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.