CVE-2019-12083
Severity
8.1 HIGH
EPSS
0.7%
top 27.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 13
Latest update: May 24
Description
The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate Rust's safety guarantees and cause memory unsafety. If the `Error::type_id` method is overridden then any type can be safely cast to any other type, causing memory safety vulnerabilities in safe code (e.g., out-of-bounds write or read). Code that does not manually implement `Error::type_id` is unaffected.
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 | Impact: 5.9
Affected Packages: 3 packages
Also affects: Fedora 29, 30
Vulnerability Details (3)
Vendor Advisories (1)
Debian
CVE-2019-12083: rustc - The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a s... (2019)
Community (4)
Bugzilla
CVE-2019-12083 rust: overriden stabilized method `Error::type_id` can violate Rust's safety guarantees leading to out-of-bounds write or read [fedora-30] (2019-05-14)
Bugzilla
CVE-2019-12083 rust: overriden stabilized method `Error::type_id` can violate Rust's safety guarantees leading to out-of-bounds write or read [epel-7] (2019-05-14)
Bugzilla
CVE-2019-12083 rust: overriden stabilized method `Error::type_id` can violate Rust's safety guarantees leading to out-of-bounds write or read [fedora-29] (2019-05-14)
Bugzilla
CVE-2019-12083 rust: overriden stabilized method `Error::type_id` can violate Rust's safety guarantees leading to out-of-bounds write or read (2019-05-14)