CVE-2020-36317

In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the same string.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://github.com/rust-lang/rust/issues/78498	Exploit Issue Tracking Third Party Advisory
https://github.com/rust-lang/rust/pull/78499	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:rust-lang:rust:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-04-11 20:15

Updated : 2024-02-04 21:47

NVD link : CVE-2020-36317

Mitre link : CVE-2020-36317

CVE.ORG link : CVE-2020-36317

JSON object : View

Products Affected

rust-lang

rust

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2020-36317", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-04-11T20:15:12.390", "references": [{"url": "https://github.com/rust-lang/rust/issues/78498", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/rust-lang/rust/pull/78499", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the same string."}, {"lang": "es", "value": "En la biblioteca est\u00e1ndar en Rust versiones anteriores a 1.49.0, la funci\u00f3n String::retener() presenta un problema de seguridad de p\u00e1nico. Permite una creaci\u00f3n de una cadena Rust que no sea UTF-8 cuando el cierre provisto entra en p\u00e1nico. Este bug podr\u00eda resultar en una violaci\u00f3n de seguridad de la memoria cuando otras API de cadena asumen que es usada una codificaci\u00f3n UTF-8 en la misma cadena"}], "lastModified": "2022-06-28T14:11:45.273", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rust-lang:rust:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD1E66EA-8E0B-4250-9221-20DAECA969B5", "versionEndExcluding": "1.49.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}