CVE-2021-28879

CWE-190 Integer Overflow | 7 documents | 7 sources

Severity: 9.8 CRITICAL
EPSS: 1.1% (top 21.96%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 11 | Latest update May 24

Description

In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

NVD: rust-lang/rust < 1.52.0
Debian: rustc < 1.53.0+dfsg1-1+2

Also affects: Fedora 32, 33, 34

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-rq3p-62m7-c66f: In the standard library in Rust before 1 (2022-05-24)
CVEList: CVE-2021-28879: In the standard library in Rust before 1 (2021-04-11)
OSV: CVE-2021-28879: In the standard library in Rust before 1 (2021-04-11)

📋 Vendor Advisories (3)

Microsoft: In the standard library in Rust before 1.52.0 the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is use (2021-04-13)
Red Hat: rust: integer overflow in the Zip implementation can lead to a buffer overflow (2021-03-05)
Debian: CVE-2021-28879: rustc - In the standard library in Rust before 1.52.0, the Zip implementation can report... (2021)