Vulnerability CVE-2021-28878: Information

Description

In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same index (under certain conditions) when next_back() and next() are used together. This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Published: April 11, 2021
Modified: Nov. 7, 2023
Error type identifier: CWE-119

Fixed packages

| Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| rust | sisyphus | 1.51.0-alt1 | 1.77.1-alt1 | ALT-PU-2021-1761-1 | 271165 | Fixed |
| rust | p10 | 1.51.0-alt1 | 1.74.1-alt0.p10.1 | ALT-PU-2021-1761-1 | 271165 | Fixed |
| rust | p9 | 1.55.0-alt0.p9.1 | 1.64.0-alt0.c9.2 | ALT-PU-2022-1778-1 | 288073 | Fixed |
| rust | c10f1 | 1.51.0-alt1 | 1.72.1-alt0.c10.2 | ALT-PU-2021-1761-1 | 271165 | Fixed |
| rust | c9f2 | 1.55.0-alt0.c9.1 | 1.64.0-alt0.c9.2 | ALT-PU-2021-3365-1 | 288792 | Fixed |

References to Advisories, Solutions, and Tools

    Configuration 1

      cpe:2.3:a:rust-lang:rust:*:*:*:*:*:*:*:*
      End excluding: 1.52.0

    Configuration 2

      cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
      cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
      cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*