IP Address Parsing Vulnerability in Rust Programming Language
CVE-2021-29922

9.1CRITICAL

Key Information:

Vendor: Rust-lang
Status: Rust
Vendor: CVE Published:; 7 August 2021

What is CVE-2021-29922?

An issue in the Rust programming language prior to version 1.53.0 arises from improper handling of leading zero characters in IP address strings. This flaw can lead to unexpected octal interpretation of IP addresses, potentially allowing attackers to bypass security mechanisms that depend on IP-based access control. Proper validation is essential to ensure that input is interpreted as intended and does not expose systems to unauthorized access.

References

https://doc.rust-lang.org/beta/std/net/struct.Ipv4Addr.html

https://github.com/rust-lang/rust/pull/83652

https://github.com/rust-lang/rust/issues/83648

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 7, 2021
Vulnerability Reserved
Apr 1, 2021

Rust-lang

What is CVE-2021-29922?

References

CVSS V3.1

Timeline