Home

CVE-2019-12083

Description

The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate Rusts safety guarantees and cause memory unsafety. If the Error::type_id method is overridden then any type can be safely cast to any other type, causing memory safety vulnerabilities in safe code (e.g., out-of-bounds write or read). Code that does not manually implement Error::type_id is unaffected.

Risk Information

Base Score
8.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.769

Associated Vulnerability

VulnerabilityOS Platform
Cargo update (ELSA-2022-1894) cargo-1.58.1-1.module+el8.6.0+20563+1eb4e043.x86_64.rpmLinux
Cargo-doc update (ELSA-2022-1894) cargo-doc-1.58.1-1.module+el8.6.0+20563+1eb4e043.noarch.rpmLinux
Clippy update (ELSA-2022-1894) clippy-1.58.1-1.module+el8.6.0+20563+1eb4e043.x86_64.rpmLinux
Rls update (ELSA-2022-1894) rls-1.58.1-1.module+el8.6.0+20563+1eb4e043.x86_64.rpmLinux
Rust update (ELSA-2022-1894) rust-1.58.1-1.module+el8.6.0+20563+1eb4e043.x86_64.rpmLinux
Rust-analysis update (ELSA-2022-1894) rust-analysis-1.58.1-1.module+el8.6.0+20563+1eb4e043.x86_64.rpmLinux
Rust-debugger-common update (ELSA-2022-1894) rust-debugger-common-1.58.1-1.module+el8.6.0+20563+1eb4e043.noarch.rpmLinux
Rust-doc update (ELSA-2022-1894) rust-doc-1.58.1-1.module+el8.6.0+20563+1eb4e043.x86_64.rpmLinux
Rust-gdb update (ELSA-2022-1894) rust-gdb-1.58.1-1.module+el8.6.0+20563+1eb4e043.noarch.rpmLinux
Rust-lldb update (ELSA-2022-1894) rust-lldb-1.58.1-1.module+el8.6.0+20563+1eb4e043.noarch.rpmLinux
Rust-src update (ELSA-2022-1894) rust-src-1.58.1-1.module+el8.6.0+20563+1eb4e043.noarch.rpmLinux
Rust-std-static update (ELSA-2022-1894) rust-std-static-1.58.1-1.module+el8.6.0+20563+1eb4e043.x86_64.rpmLinux
Rust-std-static-wasm32-unknown-unknown update (ELSA-2022-1894) rust-std-static-wasm32-unknown-unknown-1.58.1-1.module+el8.6.0+20563+1eb4e043.x86_64.rpmLinux
Rust-std-static-wasm32-wasi update (ELSA-2022-1894) rust-std-static-wasm32-wasi-1.58.1-1.module+el8.6.0+20563+1eb4e043.x86_64.rpmLinux
Rust-toolset update (ELSA-2022-1894) rust-toolset-1.58.1-1.module+el8.6.0+20563+1eb4e043.x86_64.rpmLinux
Rustfmt update (ELSA-2022-1894) rustfmt-1.58.1-1.module+el8.6.0+20563+1eb4e043.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234