Memory Safety Issue in Rust's Zip Implementation by Rust Foundation
CVE-2021-28878

7.5HIGH

Key Information:

Vendor: Rust-lang
Status: Rust
Vendor: CVE Published:; 11 April 2021

What is CVE-2021-28878?

A flaw in the Rust Standard Library prior to version 1.52.0 affects the Zip implementation, where the function __iterator_get_unchecked() is called multiple times for the same index under certain usage conditions of next_back() and next(). This oversight violates the safety requirement for the TrustedRandomAccess trait, potentially leading to memory safety issues.

References

https://github.com/rust-lang/rust/issues/82291

https://github.com/rust-lang/rust/pull/82292

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 11, 2021
Vulnerability Reserved
Mar 19, 2021

Rust-lang

What is CVE-2021-28878?

References

CVSS V3.1

Timeline