CVE-2018-1000810

Severity
9.8 CRITICAL
EPSS
0.6%
top 29.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Oct 8
Latest update: May 14

Description

The Rust Programming Language Standard Library versions 1.29.0, 1.28.0, 1.27.2, 1.27.1, 1.27.0, 1.26.2, 1.26.1, and 1.26.0 contain a CWE-680 (Integer Overflow to Buffer Overflow) vulnerability in the standard library that can result in a buffer overflow. The attack appears to be exploitable via str::repeat: when passed a large number, it can overflow an internal buffer. This vulnerability appears to have been fixed in 1.29.1.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

Debian: rustc < 1.30.0+dfsg1-1 (+3)
NVD: rust-lang/rust, 8 versions (+7)

Vulnerability Details (3)

GHSA
GHSA-2cg9-g249-7mf2: The Rust Programming Language Standard Library version 1 (2022-05-14)
OSV
CVE-2018-1000810: The Rust Programming Language Standard Library version 1 (2018-10-08)
CVEList
CVE-2018-1000810: The Rust Programming Language Standard Library version 1 (2018-10-08)

Vendor Advisories (2)

Red Hat
rust: Buffer overflow in str::repeat function in the standard library (2018-09-24)
Debian
CVE-2018-1000810: rustc - The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1... (2018)

Community (3)

Bugzilla
CVE-2018-1000810 rust: Buffer overflow in str::repeat function in the standard library (2018-09-25)
Bugzilla
CVE-2018-1000810 rust: Buffer overflow in str::repeat function in the standard library [fedora-all] (2018-09-25)
Bugzilla
CVE-2018-1000810 rust: Buffer overflow in str::repeat function in the standard library [epel-7] (2018-09-25)
CVE-2018-1000810 (CRITICAL CVSS 9.8) | The Rust Programming Language Stand | cvebase.io