The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vec_deque::Iter. The attack vector is: The program needs to invoke debug printing for iterator over an empty VecDeque. The fixed version is: 1.30.0, nightly versions after commit b85e4cc8fadaabd41da5b9645c08c68b8f89908d.
References
Link | Resource |
---|---|
https://github.com/rust-lang/rust/issues/53566 | Exploit Issue Tracking Third Party Advisory |
https://github.com/rust-lang/rust/pull/53571/commits/b85e4cc8fadaabd41da5b9645c08c68b8f89908d | Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: dwf
Published: 2019-07-15T17:18:46
Updated: 2019-07-15T17:18:46
Reserved: 2019-03-20T00:00:00
Link: CVE-2019-1010299
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-07-15T18:15:11.727
Modified: 2020-09-30T13:41:02.053
Link: CVE-2019-1010299
JSON object: View
Redhat Information
No data.