CVE-2021-28875

Published: 11/04/2021 Updated: 03/11/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

In the standard library in Rust prior to 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow.

Vulnerable Product

rust-lang rust

Vendor Advisories

Debian Bug report logs - #986803: CVE-2021-28875, CVE-2021-28876, CVE-2021-28877, CVE-2021-28878, CVE-2021-28879, CVE-2020-36317, CVE-2020-36318. Package: rustc; Maintainer for rustc is Debian Rust Maintainers <pkg-rust-maintainers@alioth-lists.debian.net>; Source for rustc is src:rustc. Reported by: Moritz Mueh ...
In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow. ...

Github Repositories

Rudra's artifact evaluation submission

Artifact Evaluation Submission for RUDRA [SOSP '21]. Paper: RUDRA: Finding Memory Safety Bugs in Rust at the Ecosystem Scale. Note: This document was written when Rudra was using nightly-2020-08-26 version of the Rust compiler. Most of the parts should work with the latest version of Rudra, but some parts (e.g., stdlib analysis) are tied to that version and you might need ru