Rust
CVE-2019-1010299
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vec_deque::Iter. The attack vector is: The program needs to invoke debug printing for iterator over an empty VecDeque. The fixed version is: 1.30.0, nightly versions after commit b85e4cc8fadaabd41da5b9645c08c68b8f89908d.
AnalysisAI
The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vec_deque::Iter. The attack vector is: The program needs to invoke debug printing for iterator over an empty VecDeque. The fixed version is: 1.30.0, nightly versions after commit b85e4cc8fadaabd41da5b9645c08c68b8f89908d. Affected products include: Rust-Lang Rust.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.
Command injection via Windows CreateProcess argument parsing affects multiple language runtimes and tooling (Node.js, PH
In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the ele
In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer ove
library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginni
The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, c
In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once fo
In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe c
Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the `package` configuration
Rust is a programming language. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no auth
The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contai
In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. Rated medium severity (C
Rust is a programming language. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This OS Com
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today