CVE-2021-28878

Description

In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same index (under certain conditions) when next_back() and next() are used together. This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.

Risk Information

Base Score: 7.5 MODERATE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score (Exploitation Probability): 1.012

Associated Vulnerability

Vulnerability | OS Platform
(RHSA-2021:3063) rust-toolset:rhel8 security, bug fix, and enhancement update cargo-1.52.1-1.module+el8.4.0+11282+0729bac9.x86_64.rpm | Linux
(RHSA-2021:3063) rust-toolset:rhel8 security, bug fix, and enhancement update cargo-doc-1.52.1-1.module+el8.4.0+11282+0729bac9.noarch.rpm | Linux
(RHSA-2021:3063) rust-toolset:rhel8 security, bug fix, and enhancement update clippy-1.52.1-1.module+el8.4.0+11282+0729bac9.x86_64.rpm | Linux
(RHSA-2021:3063) rust-toolset:rhel8 security, bug fix, and enhancement update rls-1.52.1-1.module+el8.4.0+11282+0729bac9.x86_64.rpm | Linux
(RHSA-2021:3063) rust-toolset:rhel8 security, bug fix, and enhancement update rust-1.52.1-1.module+el8.4.0+11282+0729bac9.x86_64.rpm | Linux
(RHSA-2021:3063) rust-toolset:rhel8 security, bug fix, and enhancement update rust-analysis-1.52.1-1.module+el8.4.0+11282+0729bac9.x86_64.rpm | Linux
(RHSA-2021:3063) rust-toolset:rhel8 security, bug fix, and enhancement update rust-debugger-common-1.52.1-1.module+el8.4.0+11282+0729bac9.noarch.rpm | Linux
(RHSA-2021:3063) rust-toolset:rhel8 security, bug fix, and enhancement update rust-debugsource-1.52.1-1.module+el8.4.0+11282+0729bac9.x86_64.rpm | Linux
(RHSA-2021:3063) rust-toolset:rhel8 security, bug fix, and enhancement update rust-doc-1.52.1-1.module+el8.4.0+11282+0729bac9.x86_64.rpm | Linux
(RHSA-2021:3063) rust-toolset:rhel8 security, bug fix, and enhancement update rust-gdb-1.52.1-1.module+el8.4.0+11282+0729bac9.noarch.rpm | Linux
(RHSA-2021:3063) rust-toolset:rhel8 security, bug fix, and enhancement update rust-lldb-1.52.1-1.module+el8.4.0+11282+0729bac9.noarch.rpm | Linux
(RHSA-2021:3063) rust-toolset:rhel8 security, bug fix, and enhancement update rust-src-1.52.1-1.module+el8.4.0+11282+0729bac9.noarch.rpm | Linux
(RHSA-2021:3063) rust-toolset:rhel8 security, bug fix, and enhancement update rust-std-static-1.52.1-1.module+el8.4.0+11282+0729bac9.x86_64.rpm | Linux
(RHSA-2021:3063) rust-toolset:rhel8 security, bug fix, and enhancement update rust-toolset-1.52.1-1.module+el8.4.0+11282+0729bac9.x86_64.rpm | Linux
(RHSA-2021:3063) rust-toolset:rhel8 security, bug fix, and enhancement update rustfmt-1.52.1-1.module+el8.4.0+11282+0729bac9.x86_64.rpm | Linux
Cargo update (ELSA-2021-3063) cargo-1.52.1-1.module+el8.4.0+20287+5ada6442.x86_64.rpm | Linux
Cargo-doc update (ELSA-2021-3063) cargo-doc-1.52.1-1.module+el8.4.0+20287+5ada6442.noarch.rpm | Linux
Clippy update (ELSA-2021-3063) clippy-1.52.1-1.module+el8.4.0+20287+5ada6442.x86_64.rpm | Linux
Rls update (ELSA-2021-3063) rls-1.52.1-1.module+el8.4.0+20287+5ada6442.x86_64.rpm | Linux
Rust update (ELSA-2021-3063) rust-1.52.1-1.module+el8.4.0+20287+5ada6442.x86_64.rpm | Linux
Rust-analysis update (ELSA-2021-3063) rust-analysis-1.52.1-1.module+el8.4.0+20287+5ada6442.x86_64.rpm | Linux
Rust-debugger-common update (ELSA-2021-3063) rust-debugger-common-1.52.1-1.module+el8.4.0+20287+5ada6442.noarch.rpm | Linux
Rust-doc update (ELSA-2021-3063) rust-doc-1.52.1-1.module+el8.4.0+20287+5ada6442.x86_64.rpm | Linux
Rust-gdb update (ELSA-2021-3063) rust-gdb-1.52.1-1.module+el8.4.0+20287+5ada6442.noarch.rpm | Linux
Rust-lldb update (ELSA-2021-3063) rust-lldb-1.52.1-1.module+el8.4.0+20287+5ada6442.noarch.rpm | Linux
Rust-src update (ELSA-2021-3063) rust-src-1.52.1-1.module+el8.4.0+20287+5ada6442.noarch.rpm | Linux
Rust-std-static update (ELSA-2021-3063) rust-std-static-1.52.1-1.module+el8.4.0+20287+5ada6442.x86_64.rpm | Linux
Rust-toolset update (ELSA-2021-3063) rust-toolset-1.52.1-1.module+el8.4.0+20287+5ada6442.x86_64.rpm | Linux
Rustfmt update (ELSA-2021-3063) rustfmt-1.52.1-1.module+el8.4.0+20287+5ada6442.x86_64.rpm | Linux
Cargo update (ELSA-2022-1894) cargo-1.58.1-1.module+el8.6.0+20563+1eb4e043.x86_64.rpm | Linux
Cargo-doc update (ELSA-2022-1894) cargo-doc-1.58.1-1.module+el8.6.0+20563+1eb4e043.noarch.rpm | Linux
Clippy update (ELSA-2022-1894) clippy-1.58.1-1.module+el8.6.0+20563+1eb4e043.x86_64.rpm | Linux
Rls update (ELSA-2022-1894) rls-1.58.1-1.module+el8.6.0+20563+1eb4e043.x86_64.rpm | Linux
Rust update (ELSA-2022-1894) rust-1.58.1-1.module+el8.6.0+20563+1eb4e043.x86_64.rpm | Linux
Rust-analysis update (ELSA-2022-1894) rust-analysis-1.58.1-1.module+el8.6.0+20563+1eb4e043.x86_64.rpm | Linux
Rust-debugger-common update (ELSA-2022-1894) rust-debugger-common-1.58.1-1.module+el8.6.0+20563+1eb4e043.noarch.rpm | Linux
Rust-doc update (ELSA-2022-1894) rust-doc-1.58.1-1.module+el8.6.0+20563+1eb4e043.x86_64.rpm | Linux
Rust-gdb update (ELSA-2022-1894) rust-gdb-1.58.1-1.module+el8.6.0+20563+1eb4e043.noarch.rpm | Linux
Rust-lldb update (ELSA-2022-1894) rust-lldb-1.58.1-1.module+el8.6.0+20563+1eb4e043.noarch.rpm | Linux
Rust-src update (ELSA-2022-1894) rust-src-1.58.1-1.module+el8.6.0+20563+1eb4e043.noarch.rpm | Linux
Rust-std-static update (ELSA-2022-1894) rust-std-static-1.58.1-1.module+el8.6.0+20563+1eb4e043.x86_64.rpm | Linux
Rust-std-static-wasm32-unknown-unknown update (ELSA-2022-1894) rust-std-static-wasm32-unknown-unknown-1.58.1-1.module+el8.6.0+20563+1eb4e043.x86_64.rpm | Linux
Rust-std-static-wasm32-wasi update (ELSA-2022-1894) rust-std-static-wasm32-wasi-1.58.1-1.module+el8.6.0+20563+1eb4e043.x86_64.rpm | Linux
Rust-toolset update (ELSA-2022-1894) rust-toolset-1.58.1-1.module+el8.6.0+20563+1eb4e043.x86_64.rpm | Linux
Rustfmt update (ELSA-2022-1894) rustfmt-1.58.1-1.module+el8.6.0+20563+1eb4e043.x86_64.rpm | Linux

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234