Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-1000810

Опубликовано: 24 сент. 2018
Источник: redhat
CVSS3: 7.4
EPSS Низкий

Описание

The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in standard library that can result in buffer overflow. This attack appear to be exploitable via str::repeat, passed a large number, can overflow an internal buffer. This vulnerability appears to have been fixed in 1.29.1.

A buffer overflow vulnerability was discovered in Rust that affects the str::repeat function in the standard library. An attacker could abuse this flaw by controlling the arguments given to str::repeat and can cause a Rust program to overflow a buffer in memory, potentially leading to a crash or arbitrary code execution.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Developer ToolsrustNot affected
Red Hat Enterprise Linux 8rust-toolset:rhel8/rustNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=1632932rust: Buffer overflow in str::repeat function in the standard library

EPSS

Процентиль: 70%
0.00625
Низкий

7.4 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-1000810

CVSS3: 9.8
ubuntu
больше 7 лет назад

The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in standard library that can result in buffer overflow. This attack appear to be exploitable via str::repeat, passed a large number, can overflow an internal buffer. This vulnerability appears to have been fixed in 1.29.1.

nvd логотип

CVE-2018-1000810

CVSS3: 9.8
nvd
больше 7 лет назад

The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in standard library that can result in buffer overflow. This attack appear to be exploitable via str::repeat, passed a large number, can overflow an internal buffer. This vulnerability appears to have been fixed in 1.29.1.

debian логотип

CVE-2018-1000810

CVSS3: 9.8
debian
больше 7 лет назад

The Rust Programming Language Standard Library version 1.29.0, 1.28.0, ...

github логотип

GHSA-2cg9-g249-7mf2

CVSS3: 9.8
github
больше 3 лет назад

The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in standard library that can result in buffer overflow. This attack appear to be exploitable via str::repeat, passed a large number, can overflow an internal buffer. This vulnerability appears to have been fixed in 1.29.1.

EPSS

Процентиль: 70%
0.00625
Низкий

7.4 High

CVSS3