rust

Description: Systems programming language focused on safety, speed and concurrency
Version: 1:1.51.0-1 [extra]

Open

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1801 | 1:1.51.0-1 | | Medium | Vulnerable | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-31162 | AVG-1801 | Medium | Yes | Arbitrary code execution | In the standard library in Rust before 1.53.0, a double free can occur in the Vec::from_iter function if freeing the element panics. |
| CVE-2021-28879 | AVG-1801 | Medium | Yes | Arbitrary code execution | In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer... |
| CVE-2021-28878 | AVG-1801 | Medium | Yes | Incorrect calculation | In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same index (under certain... |
| CVE-2021-28876 | AVG-1801 | Medium | Yes | Incorrect calculation | In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked() more than once for the... |
| CVE-2020-36323 | AVG-1801 | Medium | Yes | Information disclosure | In the standard library in Rust before 1.50.3, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program... |

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1804 | 1:1.48.0-1 | 1:1.49.0-1 | Medium | Fixed | |
| AVG-1803 | 1:1.49.0-1 | 1:1.50.0-1 | Medium | Fixed | |
| AVG-1802 | 1:1.50.0-2 | 1:1.51.0-1 | Medium | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-28877 | AVG-1802 | Medium | Yes | Incorrect calculation | In the standard library in Rust before 1.51.0, the Zip implementation calls __iterator_get_unchecked() for the same index more than once when nested. This... |
| CVE-2021-28875 | AVG-1803 | Medium | Yes | Arbitrary code execution | In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a... |
| CVE-2020-36318 | AVG-1804 | Medium | Yes | Arbitrary code execution | In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain conditions. This... |
| CVE-2020-36317 | AVG-1804 | Medium | Yes | Incorrect calculation | In the standard library in Rust before 1.49.0, the String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the... |