DEBIAN-CVE-2020-36323

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/DEBIAN-CVE-2020-36323

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2020-36323.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2020-36323

Upstream

CVE-2020-36323

Published

2021-04-14T07:15:12Z

Modified

2025-09-19T06:21:03Z

Summary

[none]

Details

In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked.

References

https://security-tracker.debian.org/tracker/CVE-2020-36323

Affected packages

Debian:12 / rustc

Package

Name: rustc
Purl: pkg:deb/debian/rustc?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.53.0+dfsg1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / rustc

Package

Name: rustc
Purl: pkg:deb/debian/rustc?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.53.0+dfsg1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / rustc

Package

Name: rustc
Purl: pkg:deb/debian/rustc?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.53.0+dfsg1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}