rust

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Systems programming language focused on safety, speed and concurrency
Version 1:1.55.0-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2263 1.52.1-3 1.53.0-1 Medium Fixed
AVG-1804 1:1.48.0-1 1:1.49.0-1 Medium Fixed
AVG-1803 1:1.49.0-1 1:1.50.0-1 Medium Fixed
AVG-1802 1:1.50.0-2 1:1.51.0-1 Medium Fixed
AVG-1801 1:1.51.0-1 1:1.52.0-1 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2021-31162 AVG-1801 Medium Yes Arbitrary code execution 
In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics.
CVE-2021-29922 AVG-2263 Medium Yes Access restriction bypass 
library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which...
CVE-2021-28879 AVG-1801 Medium Yes Arbitrary code execution 
In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer...
CVE-2021-28878 AVG-1801 Medium Yes Incorrect calculation 
In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same index (under certain...
CVE-2021-28877 AVG-1802 Medium Yes Incorrect calculation 
In the standard library in Rust before 1.51.0, the Zip implementation calls __iterator_get_unchecked() for the same index more than once when nested. This...
CVE-2021-28876 AVG-1801 Medium Yes Incorrect calculation 
In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked() more than once for the...
CVE-2021-28875 AVG-1803 Medium Yes Arbitrary code execution 
In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a...
CVE-2020-36323 AVG-1801 Medium Yes Information disclosure 
In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program...
CVE-2020-36318 AVG-1804 Medium Yes Arbitrary code execution 
In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This...
CVE-2020-36317 AVG-1804 Medium Yes Incorrect calculation 
In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the...