CVE-2021-29922
Description
library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation.
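The ambiguity described above, as an added example (not code from the Rust project or from this advisory): it reads each dotted-quad string both ways, with leading zeros ignored (decimal) and with a leading zero meaning octal (the C `inet_aton` convention), and accepts for access-control decisions only strings on which both readings agree. The names `Reading`, `parse_with`, `classify` and `parse_for_acl` are hypothetical, and the sample addresses are constructed.

```rust
use std::net::Ipv4Addr;

/// Result of reading a dotted-quad string under both interpretations.
#[derive(Debug, PartialEq)]
pub enum Reading {
    /// No octet has a leading zero: both readings agree.
    Unambiguous(Ipv4Addr),
    /// Leading zeros present: a decimal and an octal-aware parser may disagree.
    Ambiguous { decimal: Option<Ipv4Addr>, octal: Option<Ipv4Addr> },
    Invalid,
}

// Parse exactly four octets; optionally treat a leading zero as an octal prefix.
fn parse_with(s: &str, octal_on_zero: bool) -> Option<Ipv4Addr> {
    let mut out = [0u8; 4];
    let mut parts = s.split('.');
    for slot in out.iter_mut() {
        let p = parts.next()?;
        if !p.bytes().all(|b| b.is_ascii_digit()) { return None; }
        let radix = if octal_on_zero && p.len() > 1 && p.starts_with('0') { 8 } else { 10 };
        *slot = u8::from_str_radix(p, radix).ok()?; // rejects empty, > 255, bad digits
    }
    if parts.next().is_some() { return None; }
    Some(Ipv4Addr::from(out))
}

/// Classify a string by whether its octets carry extraneous leading zeros.
pub fn classify(s: &str) -> Reading {
    let has_leading_zero = s.split('.').any(|p| p.len() > 1 && p.starts_with('0'));
    let decimal = parse_with(s, false);
    if !has_leading_zero {
        return decimal.map_or(Reading::Invalid, Reading::Unambiguous);
    }
    let octal = parse_with(s, true);
    if decimal.is_none() && octal.is_none() { return Reading::Invalid; }
    Reading::Ambiguous { decimal, octal }
}

/// Access-control helper: accept only strings that have a single reading.
pub fn parse_for_acl(s: &str) -> Option<Ipv4Addr> {
    match classify(s) { Reading::Unambiguous(ip) => Some(ip), _ => None }
}

fn main() {
    // Constructed sample inputs.
    for s in ["127.0.0.1", "0127.0.0.1", "010.8.8.8", "192.168.0.08"] {
        println!("{s:>14} -> {:?}", classify(s));
    }
}
```

An allow or deny rule evaluated on one reading while the connection is made with the other is the access-control bypass the description refers to, so `parse_for_acl` rejects the ambiguous form outright instead of normalising it.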
Risk Information
Base Score
9.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS Score
Exploitation Probability
0.325
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| (RHSA-2021:4270) Moderate: security, bug fix, and enhancement update cargo-1.54.0-2.module+el8.5.0+12254+dc27bae9.x86_64.rpm | Linux |
| (RHSA-2021:4270) Moderate: security, bug fix, and enhancement update cargo-debuginfo-1.54.0-2.module+el8.5.0+12254+dc27bae9.x86_64.rpm | Linux |
| (RHSA-2021:4270) Moderate: security, bug fix, and enhancement update cargo-doc-1.54.0-2.module+el8.5.0+12254+dc27bae9.noarch.rpm | Linux |
| (RHSA-2021:4270) Moderate: security, bug fix, and enhancement update clippy-1.54.0-2.module+el8.5.0+12254+dc27bae9.x86_64.rpm | Linux |
| (RHSA-2021:4270) Moderate: security, bug fix, and enhancement update clippy-debuginfo-1.54.0-2.module+el8.5.0+12254+dc27bae9.x86_64.rpm | Linux |
| (RHSA-2021:4270) Moderate: security, bug fix, and enhancement update rls-1.54.0-2.module+el8.5.0+12254+dc27bae9.x86_64.rpm | Linux |
| (RHSA-2021:4270) Moderate: security, bug fix, and enhancement update rls-debuginfo-1.54.0-2.module+el8.5.0+12254+dc27bae9.x86_64.rpm | Linux |
| (RHSA-2021:4270) Moderate: security, bug fix, and enhancement update rust-1.54.0-2.module+el8.5.0+12254+dc27bae9.x86_64.rpm | Linux |
| (RHSA-2021:4270) Moderate: security, bug fix, and enhancement update rust-analysis-1.54.0-2.module+el8.5.0+12254+dc27bae9.x86_64.rpm | Linux |
| (RHSA-2021:4270) Moderate: security, bug fix, and enhancement update rust-debugger-common-1.54.0-2.module+el8.5.0+12254+dc27bae9.noarch.rpm | Linux |
| (RHSA-2021:4270) Moderate: security, bug fix, and enhancement update rust-debuginfo-1.54.0-2.module+el8.5.0+12254+dc27bae9.x86_64.rpm | Linux |
| (RHSA-2021:4270) Moderate: security, bug fix, and enhancement update rust-debugsource-1.54.0-2.module+el8.5.0+12254+dc27bae9.x86_64.rpm | Linux |
| (RHSA-2021:4270) Moderate: security, bug fix, and enhancement update rust-doc-1.54.0-2.module+el8.5.0+12254+dc27bae9.x86_64.rpm | Linux |
| (RHSA-2021:4270) Moderate: security, bug fix, and enhancement update rust-gdb-1.54.0-2.module+el8.5.0+12254+dc27bae9.noarch.rpm | Linux |
| (RHSA-2021:4270) Moderate: security, bug fix, and enhancement update rust-lldb-1.54.0-2.module+el8.5.0+12254+dc27bae9.noarch.rpm | Linux |
| (RHSA-2021:4270) Moderate: security, bug fix, and enhancement update rust-src-1.54.0-2.module+el8.5.0+12254+dc27bae9.noarch.rpm | Linux |
| (RHSA-2021:4270) Moderate: security, bug fix, and enhancement update rust-std-static-1.54.0-2.module+el8.5.0+12254+dc27bae9.x86_64.rpm | Linux |
| (RHSA-2021:4270) Moderate: security, bug fix, and enhancement update rust-std-static-wasm32-unknown-unknown-1.54.0-2.module+el8.5.0+12254+dc27bae9.x86_64.rpm | Linux |
| (RHSA-2021:4270) Moderate: security, bug fix, and enhancement update rust-toolset-1.54.0-1.module+el8.5.0+12195+effd8a03.x86_64.rpm | Linux |
| (RHSA-2021:4270) Moderate: security, bug fix, and enhancement update rustfmt-1.54.0-2.module+el8.5.0+12254+dc27bae9.x86_64.rpm | Linux |
| (RHSA-2021:4270) Moderate: security, bug fix, and enhancement update rustfmt-debuginfo-1.54.0-2.module+el8.5.0+12254+dc27bae9.x86_64.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234