Rust
CVE-2021-28878
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same index (under certain conditions) when next_back() and next() are used together. This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.
AnalysisAI
In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same index (under certain conditions) when next_back() and next() are. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same index (under certain conditions) when next_back() and next() are used together. This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait. Affected products include: Rust-Lang Rust, Fedoraproject Fedora. Version information: before 1.52.0.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.
Command injection via Windows CreateProcess argument parsing affects multiple language runtimes and tooling (Node.js, PH
In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the ele
In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer ove
library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginni
The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, c
In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe c
Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the `package` configuration
Rust is a programming language. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no auth
The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contai
In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. Rated medium severity (C
The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. Rated med
Rust is a programming language. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This OS Com
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today