CVE-2021-28878

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-28878
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-28878.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-28878
Downstream
Related
Published
2021-04-11T20:15:12Z
Modified
2025-09-16T07:16:32.110092Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In the standard library in Rust before 1.52.0, the Zip implementation calls _iteratorgetunchecked() more than once for the same index (under certain conditions) when nextback() and next() are used together. This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.

References

Affected packages

Debian:11 / rustc

Package

Name
rustc
Purl
pkg:deb/debian/rustc?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.48.0+dfsg1-2
1.49.0~beta.4+dfsg1-1~exp1
1.49.0+dfsg1-1~exp1
1.49.0+dfsg1-1
1.49.0+dfsg1-2
1.50.0+dfsg1-1~exp1
1.50.0+dfsg1-1~exp2
1.50.0+dfsg1-1~exp3
1.50.0+dfsg1-1~exp4
1.50.0+dfsg1-1
1.51.0+dfsg1-1~exp1
1.51.0+dfsg1-1~exp2
1.51.0+dfsg1-1~exp3
1.51.0+dfsg1-1
1.52.0~beta.3+dfsg1-1~exp1
1.52.0~beta.3+dfsg1-1~exp2
1.52.0~beta.3+dfsg1-1~exp3
1.52.0~beta.3+dfsg1-1~exp4
1.52.0+dfsg1-1~exp1
1.52.1+dfsg1-1~exp1
1.52.1+dfsg1-1~exp2
1.52.1+dfsg1-1~exp3
1.52.1+dfsg1-1
1.53.0+dfsg1-1~exp1
1.53.0+dfsg1-1
1.53.0+dfsg1-2
1.53.0+dfsg1-3
1.53.0+dfsg1-4
1.54.0+dfsg1-1~exp1
1.54.0+dfsg1-1
1.54.0+dfsg1-2
1.54.0+dfsg1-3
1.55.0+dfsg1-0
1.55.0+dfsg1-1~exp1
1.55.0+dfsg1-1
1.55.0+dfsg1-2
1.56.0~beta.4+dfsg1-1~exp1
1.56.0~beta.4+dfsg1-1~exp2
1.56.0+dfsg1-1
1.56.0+dfsg1-2
1.57.0+dfsg1-1~exp1
1.57.0+dfsg1-1
1.58.1+dfsg1-1~exp1
1.58.1+dfsg1-1
1.59.0+dfsg1-1~exp1
1.59.0+dfsg1-1
1.59.0+dfsg1-2
1.60.0+dfsg1-1~exp1
1.60.0+dfsg1-1
1.61.0+dfsg1-1~exp1
1.61.0+dfsg1-1
1.61.0+dfsg1-2
1.62.1+dfsg1-1~exp1
1.62.1+dfsg1-1
1.63.0+dfsg1-1~exp1
1.63.0+dfsg1-1
1.63.0+dfsg1-2
1.64.0+dfsg1-1~exp1
1.64.0+dfsg1-1~exp2
1.64.0+dfsg1-1~exp3
1.64.0+dfsg1-1~exp4
1.64.0+dfsg1-1
1.65.0+dfsg1-1~exp1
1.65.0+dfsg1-1~exp2
1.65.0+dfsg1-1~exp3
1.65.0+dfsg1-1
1.65.0+dfsg1-2
1.66.0+dfsg1-1~exp1
1.66.0+dfsg1-1
1.67.1+dfsg1-1~exp1
1.67.1+dfsg1-1
1.68.2+dfsg1-1~exp1
1.68.2+dfsg1-1
1.69.0+dfsg1-1~exp1
1.69.0+dfsg1-1~exp2
1.69.0+dfsg1-1
1.70.0+dfsg1-1~exp1
1.70.0+dfsg1-1~exp2
1.70.0+dfsg1-1~exp3
1.70.0+dfsg1-1
1.70.0+dfsg1-2~exp1
1.70.0+dfsg1-2
1.70.0+dfsg1-3
1.70.0+dfsg1-4
1.70.0+dfsg1-5
1.70.0+dfsg1-6
1.70.0+dfsg1-7
1.70.0+dfsg1-8
1.70.0+dfsg1-8.1
1.70.0+dfsg1-9
1.70.0+dfsg2-1~exp1
1.70.0+dfsg2-1~exp2
1.70.0+dfsg2-1~exp3
1.70.0+dfsg2-1
1.70.0+dfsg2-1+loong64
1.71.1+dfsg1-1~exp1
1.71.1+dfsg1-1~exp2
1.71.1+dfsg1-1
1.71.1+dfsg1-2
1.72.1+dfsg1-1~exp1
1.72.1+dfsg1-1~exp2
1.72.1+dfsg1-1
1.72.1+dfsg1-1+hurd.1
1.73.0+dfsg1-1~exp1
1.73.0+dfsg1-1
1.73.0+dfsg1-1+hurd.1
1.73.0+dfsg1-1+loong64
1.74.1+dfsg1-1~exp1
1.74.1+dfsg1-1
1.74.1+dfsg1-1+hurd.1
1.75.0+dfsg1-1~exp1
1.75.0+dfsg1-1
1.75.0+dfsg1-2
1.75.0+dfsg1-3
1.75.0+dfsg1-4
1.75.0+dfsg1-4+hurd.1
1.75.0+dfsg1-5
1.76.0+dfsg1-1~exp1
1.76.0+dfsg1-1
1.76.0+dfsg1-1+hurd.1
1.77.2+dfsg1-1~exp1
1.77.2+dfsg1-1
1.78.0+dfsg1-1~exp1
1.78.0+dfsg1-2
1.79.0+dfsg1-1~exp1
1.79.0+dfsg1-1
1.79.0+dfsg1-2
1.79.0+dfsg1-2+hurd.1
1.80.0+dfsg1-1~exp1
1.80.1+dfsg1-1~exp1
1.80.1+dfsg1-1
1.80.1+dfsg1-1+hurd.1
1.81.0+dfsg1-1~exp1
1.81.0+dfsg1-1~exp2
1.81.0+dfsg1-1
1.81.0+dfsg1-2
1.82.0+dfsg1-1~exp1
1.82.0+dfsg1-1~exp2
1.82.0+dfsg1-1~exp3
1.82.0+dfsg1-1
1.82.0+dfsg1-2
1.83.0+dfsg1-1~exp1
1.83.0+dfsg1-1
1.84.0+dfsg1-1~exp1
1.84.0+dfsg1-1
1.84.0+dfsg1-2
1.85.0~beta.9+dfsg1-1~exp1
1.85.0+dfsg1-1
1.85.0+dfsg2-1
1.85.0+dfsg2-2
1.85.0+dfsg2-3
1.85.0+dfsg3-1
1.86.0+dfsg1-1~bpo13+1
1.86.0+dfsg1-1~bpo13+2
1.86.0+dfsg1-1~exp1
1.86.0+dfsg1-1~exp2
1.86.0+dfsg1-1~exp2+x32
1.86.0+dfsg1-1~exp3
1.86.0+dfsg1-1~exp4
1.86.0+dfsg1-1
1.87.0+dfsg1-1~exp1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / rustc

Package

Name
rustc
Purl
pkg:deb/debian/rustc?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.53.0+dfsg1-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / rustc

Package

Name
rustc
Purl
pkg:deb/debian/rustc?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.53.0+dfsg1-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:14 / rustc

Package

Name
rustc
Purl
pkg:deb/debian/rustc?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.53.0+dfsg1-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Git / github.com/rust-lang/rust

Affected ranges

Type
GIT
Repo
https://github.com/rust-lang/rust
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
88f19c6dab716c6281af7602e30f413e809c5974