CVE-2020-36323

Description

In the Rust standard library before 1.52.0, the optimized `join` implementation for slices of `Borrow<str>` measures each element with one call to `borrow()`, reserves exactly the computed number of bytes, and then calls `borrow()` again on each element to copy it into that reservation, trusting the earlier measurement. A `Borrow<str>` implementation that returns a different string on the second call (this violates the `Borrow` contract, but it is expressible in safe Rust) makes the copy disagree with the reservation: a longer string runs past the reserved buffer (crash), and a shorter one leaves reserved bytes uninitialized yet included in the returned `String` (uninitialized memory exposed to the caller). The trigger requires a custom `Borrow<str>` type whose result differs between calls; standard types such as `String` and `&str` always return the same bytes.
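As an added illustration of the pattern described above (this is example code written for this page, not the Rust standard library's implementation and not code from any advisory), the block below defines a deliberately misbehaving `Borrow<str>` type, a simplified two-pass join in the shape of the pre-1.52 fast path, and the single-borrow shape that cannot drift. All names (`FlipFlop`, `join_two_pass`, `join_single_borrow`, `borrow_is_stable`) and the sample strings are constructed for the example. The two-pass routine uses safe `push_str` instead of an unchecked copy, so the disagreement between reserved and written bytes is reported rather than turned into a heap overrun or an exposed uninitialized tail.

```rust
use std::borrow::Borrow;
use std::cell::Cell;

/// Constructed for this example: a `Borrow<str>` implementation that hands out
/// a different string on every other call. This breaks the `Borrow` contract
/// (the borrowed value must be a stable view of `self`) and is exactly the
/// input the advisory describes: the string changes between the length check
/// and the copy.
pub struct FlipFlop {
    first: &'static str,
    second: &'static str,
    calls: Cell<usize>,
}

impl FlipFlop {
    pub fn new(first: &'static str, second: &'static str) -> Self {
        FlipFlop { first, second, calls: Cell::new(0) }
    }
}

impl Borrow<str> for FlipFlop {
    fn borrow(&self) -> &str {
        let n = self.calls.get();
        self.calls.set(n + 1);
        if n % 2 == 0 { self.first } else { self.second }
    }
}

/// Simplified shape of the pre-1.52 fast path (not the stdlib's code):
/// pass 1 borrows every element to measure the exact result size, pass 2
/// borrows again to copy. Returns (joined string, reserved bytes, bytes
/// actually written) so the drift between the two passes is observable.
pub fn join_two_pass<S: Borrow<str>>(items: &[S], sep: &str) -> (String, usize, usize) {
    let reserved: usize = items
        .iter()
        .map(|s| {
            let p: &str = s.borrow(); // first borrow: used only for sizing
            p.len()
        })
        .sum::<usize>()
        + sep.len() * items.len().saturating_sub(1);
    let mut out = String::with_capacity(reserved);
    for (i, s) in items.iter().enumerate() {
        if i > 0 {
            out.push_str(sep);
        }
        let p: &str = s.borrow(); // second borrow: may not match the measured one
        out.push_str(p);
    }
    let written = out.len();
    (out, reserved, written)
}

/// Hardened shape: borrow each element exactly once and use that same `&str`
/// for both the size computation and the copy, so the two can never disagree.
pub fn join_single_borrow<S: Borrow<str>>(items: &[S], sep: &str) -> String {
    let parts: Vec<&str> = items.iter().map(|s| s.borrow()).collect();
    let total: usize = parts.iter().map(|p| p.len()).sum::<usize>()
        + sep.len() * parts.len().saturating_sub(1);
    let mut out = String::with_capacity(total);
    for (i, p) in parts.iter().enumerate() {
        if i > 0 {
            out.push_str(sep);
        }
        out.push_str(p);
    }
    debug_assert_eq!(out.len(), total, "single-borrow join cannot drift");
    out
}

/// Contract check for a custom `Borrow<str>` type: two consecutive borrows of
/// the same element must yield identical bytes.
pub fn borrow_is_stable<S: Borrow<str>>(items: &[S]) -> bool {
    items.iter().all(|s| {
        let a: &str = s.borrow();
        let b: &str = s.borrow();
        a == b
    })
}

fn main() {
    // Measured short, copied long: an unchecked copy would overrun the reservation.
    let grows = vec![FlipFlop::new("ab", "abcdef"), FlipFlop::new("x", "xyz")];
    let (s, reserved, written) = join_two_pass(&grows, ",");
    println!("two-pass (grows):   {:?} reserved={} written={}", s, reserved, written);

    // Measured long, copied short: the reservation's tail would stay uninitialized.
    let shrinks = vec![FlipFlop::new("abcdef", "ab")];
    let (s, reserved, written) = join_two_pass(&shrinks, ",");
    println!("two-pass (shrinks): {:?} reserved={} written={}", s, reserved, written);

    let grows = vec![FlipFlop::new("ab", "abcdef"), FlipFlop::new("x", "xyz")];
    println!("single-borrow:      {:?}", join_single_borrow(&grows, ","));
    println!("String is stable:   {}", borrow_is_stable(&[String::from("ab")]));
}
```

The `borrow_is_stable` check is the cheap test to run against any type in a codebase that implements `Borrow<str>` by hand; a type that fails it can never be joined safely by a two-pass routine, regardless of which standard library version is in use.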

Risk Information

Base Score: 8.2 (CVSS v3.1)
Severity label: MODERATE (note: 8.2 falls in the High band of the CVSS v3.1 qualitative scale, 7.0 to 8.9; the MODERATE label is a separate severity rating and is not derived from the base score)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H (network reachable, low attack complexity, no privileges or user interaction, unchanged scope; low confidentiality impact from the exposed uninitialized bytes, high availability impact from the crash)
EPSS Score (exploitation probability): 0.705 (EPSS is recomputed daily; check the current value before using it for prioritization)

Associated Vulnerability

Advisory | Package | OS Platform
(RHSA-2021:3063) rust-toolset:rhel8 security, bug fix, and enhancement update | cargo-1.52.1-1.module+el8.4.0+11282+0729bac9.x86_64.rpm | Linux
(RHSA-2021:3063) rust-toolset:rhel8 security, bug fix, and enhancement update | cargo-doc-1.52.1-1.module+el8.4.0+11282+0729bac9.noarch.rpm | Linux
(RHSA-2021:3063) rust-toolset:rhel8 security, bug fix, and enhancement update | clippy-1.52.1-1.module+el8.4.0+11282+0729bac9.x86_64.rpm | Linux
(RHSA-2021:3063) rust-toolset:rhel8 security, bug fix, and enhancement update | rls-1.52.1-1.module+el8.4.0+11282+0729bac9.x86_64.rpm | Linux
(RHSA-2021:3063) rust-toolset:rhel8 security, bug fix, and enhancement update | rust-1.52.1-1.module+el8.4.0+11282+0729bac9.x86_64.rpm | Linux
(RHSA-2021:3063) rust-toolset:rhel8 security, bug fix, and enhancement update | rust-analysis-1.52.1-1.module+el8.4.0+11282+0729bac9.x86_64.rpm | Linux
(RHSA-2021:3063) rust-toolset:rhel8 security, bug fix, and enhancement update | rust-debugger-common-1.52.1-1.module+el8.4.0+11282+0729bac9.noarch.rpm | Linux
(RHSA-2021:3063) rust-toolset:rhel8 security, bug fix, and enhancement update | rust-debugsource-1.52.1-1.module+el8.4.0+11282+0729bac9.x86_64.rpm | Linux
(RHSA-2021:3063) rust-toolset:rhel8 security, bug fix, and enhancement update | rust-doc-1.52.1-1.module+el8.4.0+11282+0729bac9.x86_64.rpm | Linux
(RHSA-2021:3063) rust-toolset:rhel8 security, bug fix, and enhancement update | rust-gdb-1.52.1-1.module+el8.4.0+11282+0729bac9.noarch.rpm | Linux
(RHSA-2021:3063) rust-toolset:rhel8 security, bug fix, and enhancement update | rust-lldb-1.52.1-1.module+el8.4.0+11282+0729bac9.noarch.rpm | Linux
(RHSA-2021:3063) rust-toolset:rhel8 security, bug fix, and enhancement update | rust-src-1.52.1-1.module+el8.4.0+11282+0729bac9.noarch.rpm | Linux
(RHSA-2021:3063) rust-toolset:rhel8 security, bug fix, and enhancement update | rust-std-static-1.52.1-1.module+el8.4.0+11282+0729bac9.x86_64.rpm | Linux
(RHSA-2021:3063) rust-toolset:rhel8 security, bug fix, and enhancement update | rust-toolset-1.52.1-1.module+el8.4.0+11282+0729bac9.x86_64.rpm | Linux
(RHSA-2021:3063) rust-toolset:rhel8 security, bug fix, and enhancement update | rustfmt-1.52.1-1.module+el8.4.0+11282+0729bac9.x86_64.rpm | Linux
Cargo update (ELSA-2021-3063) | cargo-1.52.1-1.module+el8.4.0+20287+5ada6442.x86_64.rpm | Linux
Cargo-doc update (ELSA-2021-3063) | cargo-doc-1.52.1-1.module+el8.4.0+20287+5ada6442.noarch.rpm | Linux
Clippy update (ELSA-2021-3063) | clippy-1.52.1-1.module+el8.4.0+20287+5ada6442.x86_64.rpm | Linux
Rls update (ELSA-2021-3063) | rls-1.52.1-1.module+el8.4.0+20287+5ada6442.x86_64.rpm | Linux
Rust update (ELSA-2021-3063) | rust-1.52.1-1.module+el8.4.0+20287+5ada6442.x86_64.rpm | Linux
Rust-analysis update (ELSA-2021-3063) | rust-analysis-1.52.1-1.module+el8.4.0+20287+5ada6442.x86_64.rpm | Linux
Rust-debugger-common update (ELSA-2021-3063) | rust-debugger-common-1.52.1-1.module+el8.4.0+20287+5ada6442.noarch.rpm | Linux
Rust-doc update (ELSA-2021-3063) | rust-doc-1.52.1-1.module+el8.4.0+20287+5ada6442.x86_64.rpm | Linux
Rust-gdb update (ELSA-2021-3063) | rust-gdb-1.52.1-1.module+el8.4.0+20287+5ada6442.noarch.rpm | Linux
Rust-lldb update (ELSA-2021-3063) | rust-lldb-1.52.1-1.module+el8.4.0+20287+5ada6442.noarch.rpm | Linux
Rust-src update (ELSA-2021-3063) | rust-src-1.52.1-1.module+el8.4.0+20287+5ada6442.noarch.rpm | Linux
Rust-std-static update (ELSA-2021-3063) | rust-std-static-1.52.1-1.module+el8.4.0+20287+5ada6442.x86_64.rpm | Linux
Rust-toolset update (ELSA-2021-3063) | rust-toolset-1.52.1-1.module+el8.4.0+20287+5ada6442.x86_64.rpm | Linux
Rustfmt update (ELSA-2021-3063) | rustfmt-1.52.1-1.module+el8.4.0+20287+5ada6442.x86_64.rpm | Linux
Cargo update (ELSA-2022-1894) | cargo-1.58.1-1.module+el8.6.0+20563+1eb4e043.x86_64.rpm | Linux
Cargo-doc update (ELSA-2022-1894) | cargo-doc-1.58.1-1.module+el8.6.0+20563+1eb4e043.noarch.rpm | Linux
Clippy update (ELSA-2022-1894) | clippy-1.58.1-1.module+el8.6.0+20563+1eb4e043.x86_64.rpm | Linux
Rls update (ELSA-2022-1894) | rls-1.58.1-1.module+el8.6.0+20563+1eb4e043.x86_64.rpm | Linux
Rust update (ELSA-2022-1894) | rust-1.58.1-1.module+el8.6.0+20563+1eb4e043.x86_64.rpm | Linux
Rust-analysis update (ELSA-2022-1894) | rust-analysis-1.58.1-1.module+el8.6.0+20563+1eb4e043.x86_64.rpm | Linux
Rust-debugger-common update (ELSA-2022-1894) | rust-debugger-common-1.58.1-1.module+el8.6.0+20563+1eb4e043.noarch.rpm | Linux
Rust-doc update (ELSA-2022-1894) | rust-doc-1.58.1-1.module+el8.6.0+20563+1eb4e043.x86_64.rpm | Linux
Rust-gdb update (ELSA-2022-1894) | rust-gdb-1.58.1-1.module+el8.6.0+20563+1eb4e043.noarch.rpm | Linux
Rust-lldb update (ELSA-2022-1894) | rust-lldb-1.58.1-1.module+el8.6.0+20563+1eb4e043.noarch.rpm | Linux
Rust-src update (ELSA-2022-1894) | rust-src-1.58.1-1.module+el8.6.0+20563+1eb4e043.noarch.rpm | Linux
Rust-std-static update (ELSA-2022-1894) | rust-std-static-1.58.1-1.module+el8.6.0+20563+1eb4e043.x86_64.rpm | Linux
Rust-std-static-wasm32-unknown-unknown update (ELSA-2022-1894) | rust-std-static-wasm32-unknown-unknown-1.58.1-1.module+el8.6.0+20563+1eb4e043.x86_64.rpm | Linux
Rust-std-static-wasm32-wasi update (ELSA-2022-1894) | rust-std-static-wasm32-wasi-1.58.1-1.module+el8.6.0+20563+1eb4e043.x86_64.rpm | Linux
Rust-toolset update (ELSA-2022-1894) | rust-toolset-1.58.1-1.module+el8.6.0+20563+1eb4e043.x86_64.rpm | Linux
Rustfmt update (ELSA-2022-1894) | rustfmt-1.58.1-1.module+el8.6.0+20563+1eb4e043.x86_64.rpm | Linux

Patch Details

No patch records are listed on this page. Per the description above, the issue is fixed upstream in Rust 1.52.0; the advisories listed under Associated Vulnerability ship Rust 1.52.1 (RHSA-2021:3063, ELSA-2021-3063) and 1.58.1 (ELSA-2022-1894). On a host, `rustc --version` reporting 1.52.0 or later indicates a fixed toolchain; binaries built with an older toolchain keep the vulnerable standard library until they are rebuilt.

References

https://nvd.nist.gov/vuln/detail/CVE-2020-36323
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36323