CVE-2019-12083
published 2019-05-13
high 8.1 (CVSS 3.1)
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate Rust's safety guarantees and cause memory unsafety. If the `Error::type_id` method is overridden then any type can be safely cast to any other type, causing memory safety vulnerabilities in safe code (e.g., out-of-bounds write or read). Code that does not manually implement `Error::type_id` is unaffected.
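Since only code that manually implements `Error::type_id` is affected, a source audit can look for that method inside `impl ... Error for ...` blocks. The scanner below is an added example, not code from the advisory or the Rust project; it is a line-based heuristic, and the function names and the sample input are constructed for illustration.

```rust
// Heuristic audit, not a Rust parser: block comments, strings and macros are not handled.
// True when the line starts an impl whose trait path ends in the segment `Error`.
fn is_error_impl(line: &str) -> bool {
    let trait_part = match line.split_once(" for ") {
        Some((t, _)) => t,
        None => return false,
    };
    let last = trait_part.rsplit(|c: char| !(c.is_alphanumeric() || c == '_')).next();
    line.starts_with("impl") && last == Some("Error")
}

// Returns (1-based line, impl header) for each `fn type_id` inside such an impl.
pub fn find_type_id_overrides(src: &str) -> Vec<(usize, String)> {
    let mut findings = Vec::new();
    let mut depth = 0i32;
    let mut current: Option<(String, i32, bool)> = None; // header, base depth, body opened
    for (idx, raw) in src.lines().enumerate() {
        let line = raw.split("//").next().unwrap_or("").trim();
        if current.is_none() && is_error_impl(line) {
            current = Some((line.trim_end_matches('{').trim().to_string(), depth, false));
        }
        depth += line.matches('{').count() as i32 - line.matches('}').count() as i32;
        let mut close = false;
        if let Some((header, base, opened)) = current.as_mut() {
            if line.contains("fn type_id(") {
                findings.push((idx + 1, header.clone()));
            }
            *opened |= line.contains('{');
            close = *opened && depth <= *base; // impl body has ended
        }
        if close { current = None; }
    }
    findings
}

// Constructed sample: an untouched impl, a manual override, an unrelated inherent method.
pub const SAMPLE: &str = "impl Error for Plain {}
impl std::error::Error for Custom {
    fn type_id(&self) -> TypeId { TypeId::of::<Self>() }
}
impl Unrelated { fn type_id(&self) -> u32 { 7 } }
";

fn main() {
    for (line, header) in find_type_id_overrides(SAMPLE) {
        println!("line {}: manual type_id in `{}`", line, header);
    }
}
```

A hit means the impl needs manual review; a user-defined trait that is also named `Error` will be reported as well.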
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | rustc | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| opensuse | leap | — | — |
| rust-lang | rust | >= 0 < 1.34.2-r0 | 1.34.2-r0 |
| rust-lang | rust | >= 0 < 1.34.2-r0 | 1.34.2-r0 |
| rust-lang | rust | >= 0 < 1.34.2-r0 | 1.34.2-r0 |
| rust-lang | rust | >= 0 < 1.34.2-r0 | 1.34.2-r0 |
| rust-lang | rust | >= 0 < 1.34.2-r0 | 1.34.2-r0 |
| rust-lang | rust | >= 1.34.0 < 1.34.2 | 1.34.2 |
CVSS provenance
nvd v3.1 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
osv 8.1 HIGH