CVE-2019-1010299 - OpenCVE

The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vec_deque::Iter. The attack vector is: The program needs to invoke debug printing for iterator over an empty VecDeque. The fixed version is: 1.30.0, nightly versions after commit b85e4cc8fadaabd41da5b9645c08c68b8f89908d.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Rust-lang	Rust

Configuration 1 [-]

cpe:2.3:a:rust-lang:rust:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/rust-lang/rust/issues/53566	Exploit Issue Tracking Third Party Advisory
https://github.com/rust-lang/rust/pull/53571/commits/b85e4cc8fadaabd41da5b9645c08c68b8f89908d	Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: dwf

Published: 2019-07-15T17:18:46

Updated: 2019-07-15T17:18:46

Reserved: 2019-03-20T00:00:00

Link: CVE-2019-1010299

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-07-15T18:15:11.727

Modified: 2020-09-30T13:41:02.053

Link: CVE-2019-1010299

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Standard Library", "vendor": "The Rust Programming Language", "versions": [{"status": "affected", "version": "1.18.0 and later [fixed: 1.30.0, nightly versions after commit b85e4cc8fadaabd41da5b9645c08c68b8f89908d]"}]}], "descriptions": [{"lang": "en", "value": "The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vec_deque::Iter. The attack vector is: The program needs to invoke debug printing for iterator over an empty VecDeque. The fixed version is: 1.30.0, nightly versions after commit b85e4cc8fadaabd41da5b9645c08c68b8f89908d."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200: Information Exposure", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-07-15T17:18:46", "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8", "shortName": "dwf"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/rust-lang/rust/issues/53566"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/rust-lang/rust/pull/53571/commits/b85e4cc8fadaabd41da5b9645c08c68b8f89908d"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1010299", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Standard Library", "version": {"version_data": [{"version_value": "1.18.0 and later [fixed: 1.30.0, nightly versions after commit b85e4cc8fadaabd41da5b9645c08c68b8f89908d]"}]}}]}, "vendor_name": "The Rust Programming Language"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vec_deque::Iter. The attack vector is: The program needs to invoke debug printing for iterator over an empty VecDeque. The fixed version is: 1.30.0, nightly versions after commit b85e4cc8fadaabd41da5b9645c08c68b8f89908d."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-200: Information Exposure"}]}]}, "references": {"reference_data": [{"name": "https://github.com/rust-lang/rust/issues/53566", "refsource": "MISC", "url": "https://github.com/rust-lang/rust/issues/53566"}, {"name": "https://github.com/rust-lang/rust/pull/53571/commits/b85e4cc8fadaabd41da5b9645c08c68b8f89908d", "refsource": "MISC", "url": "https://github.com/rust-lang/rust/pull/53571/commits/b85e4cc8fadaabd41da5b9645c08c68b8f89908d"}]}}}}, "cveMetadata": {"assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8", "assignerShortName": "dwf", "cveId": "CVE-2019-1010299", "datePublished": "2019-07-15T17:18:46", "dateReserved": "2019-03-20T00:00:00", "dateUpdated": "2019-07-15T17:18:46", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rust-lang:rust:*:*:*:*:*:*:*:*", "matchCriteriaId": "7121FBB2-4A3E-4A92-9040-CC9EF86D5257", "versionEndExcluding": "1.30.0", "versionStartIncluding": "1.18.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vec_deque::Iter. The attack vector is: The program needs to invoke debug printing for iterator over an empty VecDeque. The fixed version is: 1.30.0, nightly versions after commit b85e4cc8fadaabd41da5b9645c08c68b8f89908d."}, {"lang": "es", "value": "La Rust Programming Language Standard Library versi\u00f3n 1.18.0 y posteriores, est\u00e1 afectada por: CWE-200: Exposici\u00f3n de Informaci\u00f3n. El impacto es: El contenido de la memoria no inicializada puede ser impreso en cadena o en el archivo de registro. El componente es: Implementaci\u00f3n del rasgo de depuraci\u00f3n para la funci\u00f3n std::collections::vec_deque::Iter. El vector de ataque es: El programa necesita invocar la impresi\u00f3n de depuraci\u00f3n para el iterador sobre un VecDeque vac\u00edo. La versi\u00f3n corregida es: 1.30.0, versiones nocturnas despu\u00e9s del commit b85e4cc8fadaabd41da5b9645c08c68b8f89908d."}], "id": "CVE-2019-1010299", "lastModified": "2020-09-30T13:41:02.053", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-15T18:15:11.727", "references": [{"source": "josh@bress.net", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/rust-lang/rust/issues/53566"}, {"source": "josh@bress.net", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/rust-lang/rust/pull/53571/commits/b85e4cc8fadaabd41da5b9645c08c68b8f89908d"}], "sourceIdentifier": "josh@bress.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-908"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "josh@bress.net", "type": "Secondary"}]}