CVE-2021-28875

Опубликовано: 11 апр. 2021

Источник: debian

EPSS Низкий

Описание

In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
rustc	fixed	1.53.0+dfsg1-1		package
rustc	no-dsa		bullseye	package
rustc	no-dsa		buster	package
rustc	no-dsa		stretch	package

Примечания

https://github.com/rust-lang/rust/issues/80894
https://github.com/rust-lang/rust/pull/80895

EPSS

Процентиль: 43%

0.00204

Низкий

Связанные уязвимости

CVE-2021-28875

CVSS3: 7.5

ubuntu

больше 4 лет назад

In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow.

CVE-2021-28875

CVSS3: 7.5

redhat

больше 4 лет назад

In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow.

CVE-2021-28875

CVSS3: 7.5

nvd

больше 4 лет назад

In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow.

CVE-2021-28875

CVSS3: 7.5

msrc

больше 4 лет назад

Описание отсутствует

GHSA-fhrh-9gc2-pfgh

CVSS3: 7.5

github

около 3 лет назад

In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow.

EPSS

Процентиль: 43%

0.00204

Низкий