rust
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | Systems programming language focused on safety, speed and concurrency |
| Version | 1:1.51.0-1 [extra] |
Open
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1801 | 1:1.51.0-1 | Medium | Vulnerable |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-31162 | AVG-1801 | Medium | Yes | Arbitrary code execution | In the standard library in Rust before 1.53.0, a double free can occur in the Vec::from_iter function if freeing the element panics. |
| CVE-2021-28879 | AVG-1801 | Medium | Yes | Arbitrary code execution | In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer... |
| CVE-2021-28878 | AVG-1801 | Medium | Yes | Incorrect calculation | In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same index (under certain... |
| CVE-2021-28876 | AVG-1801 | Medium | Yes | Incorrect calculation | In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked() more than once for the... |
| CVE-2020-36323 | AVG-1801 | Medium | Yes | Information disclosure | In the standard library in Rust before 1.50.3, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program... |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1804 | 1:1.48.0-1 | 1:1.49.0-1 | Medium | Fixed | |
| AVG-1803 | 1:1.49.0-1 | 1:1.50.0-1 | Medium | Fixed | |
| AVG-1802 | 1:1.50.0-2 | 1:1.51.0-1 | Medium | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-28877 | AVG-1802 | Medium | Yes | Incorrect calculation | In the standard library in Rust before 1.51.0, the Zip implementation calls __iterator_get_unchecked() for the same index more than once when nested. This... |
| CVE-2021-28875 | AVG-1803 | Medium | Yes | Arbitrary code execution | In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a... |
| CVE-2020-36318 | AVG-1804 | Medium | Yes | Arbitrary code execution | In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This... |
| CVE-2020-36317 | AVG-1804 | Medium | Yes | Incorrect calculation | In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the... |