OESA-2021-1214

In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the same string.(CVE-2020-36317)

In the standard library in Rust before 1.50.0, readtoend() does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow.(CVE-2021-28875)

In the standard library in Rust before 1.52.0, the Zip implementation calls _iteratorgetunchecked() more than once for the same index (under certain conditions) when nextback() and next() are used together. This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.(CVE-2021-28878)

In the standard library in Rust before 1.51.0, the Zip implementation calls _iteratorget_unchecked() for the same index more than once when nested. This bug can lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.(CVE-2021-28877)

In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls _iteratorget_unchecked() more than once for the same index when the underlying iterator panics (in certain conditions). This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.(CVE-2021-28876)

In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again.(CVE-2021-28879)

In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free.(CVE-2020-36318)

In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked.(CVE-2020-36323)

Database specific

{
    "severity": "Critical"
}

References

Affected packages

openEuler:20.03-LTS-SP1 / rust

Package

Name: rust
Purl: pkg:rpm/openEuler/rust&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.51.0-1.oe1

Ecosystem specific

{
    "noarch": [
        "rust-debugger-common-1.51.0-1.oe1.noarch.rpm",
        "rust-lldb-1.51.0-1.oe1.noarch.rpm",
        "rust-gdb-1.51.0-1.oe1.noarch.rpm",
        "rust-src-1.51.0-1.oe1.noarch.rpm"
    ],
    "src": [
        "rust-1.51.0-1.oe1.src.rpm"
    ],
    "aarch64": [
        "cargo-1.51.0-1.oe1.aarch64.rpm",
        "rust-debuginfo-1.51.0-1.oe1.aarch64.rpm",
        "rust-1.51.0-1.oe1.aarch64.rpm",
        "rls-1.51.0-1.oe1.aarch64.rpm",
        "rustfmt-1.51.0-1.oe1.aarch64.rpm",
        "rust-std-static-1.51.0-1.oe1.aarch64.rpm",
        "rust-analysis-1.51.0-1.oe1.aarch64.rpm",
        "clippy-1.51.0-1.oe1.aarch64.rpm",
        "rust-debugsource-1.51.0-1.oe1.aarch64.rpm",
        "rust-help-1.51.0-1.oe1.aarch64.rpm"
    ],
    "x86_64": [
        "rust-std-static-1.51.0-1.oe1.x86_64.rpm",
        "rust-1.51.0-1.oe1.x86_64.rpm",
        "rust-debuginfo-1.51.0-1.oe1.x86_64.rpm",
        "rust-debugsource-1.51.0-1.oe1.x86_64.rpm",
        "rust-analysis-1.51.0-1.oe1.x86_64.rpm",
        "rustfmt-1.51.0-1.oe1.x86_64.rpm",
        "cargo-1.51.0-1.oe1.x86_64.rpm",
        "rls-1.51.0-1.oe1.x86_64.rpm",
        "clippy-1.51.0-1.oe1.x86_64.rpm",
        "rust-help-1.51.0-1.oe1.x86_64.rpm"
    ]
}