CVE-2019-1010299
published 2019-07-15CVE-2019-1010299: The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory…
medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vec_deque::Iter. The attack vector is: The program needs to invoke debug printing for iterator over an empty VecDeque. The fixed version is: 1.30.0, nightly versions after commit b85e4cc8fadaabd41da5b9645c08c68b8f89908d.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | rustc | < rustc 1.30.0+dfsg1-1 (bookworm) | rustc 1.30.0+dfsg1-1 (bookworm) |
| rust-lang | rust | >= 1.18.0 < 1.30.0 | 1.30.0 |
| the_rust_programming_language | standard_library | — | — |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
osv5.3MEDIUM