RHSA-2021:3042MediumCVSS 9.8
Red Hat Security Advisory: rust-toolset-1.52 and rust-toolset-1.52-rust security and enhancement update
🔗 CVE IDs covered (7)
📋 Description
CVE-2020-36323 — rust: optimization for joining strings can cause uninitialized bytes to be exposed CVE-2021-28875 — rust: heap-based buffer overflow in read_to_end() because it does not validate the return value from Read in an unsafe context CVE-2021-28876 — rust: panic safety issue in Zip implementation CVE-2021-28877 — rust: memory safety violation in Zip implementation for nested iter::Zips CVE-2021-28878 — rust: memory safety violation in Zip implementation when next_back() and next() are used together CVE-2021-28879 — rust: integer overflow in the Zip implementation can lead to a buffer overflow CVE-2021-31162 — rust: double free in Vec::from_iter function if freeing the element panics
🔗 References (11)
- selfhttps://access.redhat.com/errata/RHSA-2021:3042
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://access.redhat.com/documentation/en-us/red_hat_developer_tools/1/html/using_rust_1.52.1_toolset
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1949194
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1949198
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1949204
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1949207
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1949211
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1950396
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1950398
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3042.json