CVE-2021-28877 - OpenCVE

In the standard library in Rust before 1.51.0, the Zip implementation calls __iterator_get_unchecked() for the same index more than once when nested. This bug can lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Rust-lang	Rust

Configuration 1 [-]

cpe:2.3:a:rust-lang:rust:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/rust-lang/rust/pull/80670	Issue Tracking Patch Third Party Advisory
https://security.gentoo.org/glsa/202210-09	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-04-11T00:00:00

Updated: 2022-10-16T00:00:00

Reserved: 2021-03-19T00:00:00

Link: CVE-2021-28877

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-04-11T20:15:12.737

Modified: 2022-11-03T19:36:57.687

Link: CVE-2021-28877

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rust-lang:rust:*:*:*:*:*:*:*:*", "matchCriteriaId": "C9E57FE9-6452-4391-B83F-677045452AAC", "versionEndExcluding": "1.51.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the standard library in Rust before 1.51.0, the Zip implementation calls __iterator_get_unchecked() for the same index more than once when nested. This bug can lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait."}, {"lang": "es", "value": "En la biblioteca est\u00e1ndar en Rust versiones anteriores a 1.51.0, la implementaci\u00f3n de Zip llama a la funci\u00f3n __iterator_get_unchecked() para el mismo \u00edndice m\u00e1s de una vez cuando est\u00e1 anidado. Este bug puede conllevar a una violaci\u00f3n de seguridad de la memoria debido a un requisito de seguridad no cumplido para el rasgo TrustedRandomAccess"}], "id": "CVE-2021-28877", "lastModified": "2022-11-03T19:36:57.687", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-04-11T20:15:12.737", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/rust-lang/rust/pull/80670"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202210-09"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}