Описание
In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free.
Отчет
VecDeque::make_contiguous is not considered stable is versions of rust prior to 1:48. As a result, it should not be used as shipped in Red Hat Enterprise Linux versions 8.3 and older.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 9 | rust | Not affected | ||
| Red Hat Developer Tools | rust-toolset-1.49 | Fixed | RHSA-2021:2243 | 03.06.2021 |
| Red Hat Developer Tools | rust-toolset-1.49-rust | Fixed | RHSA-2021:2243 | 03.06.2021 |
| Red Hat Enterprise Linux 8 | rust-toolset | Fixed | RHSA-2021:1935 | 18.05.2021 |
Показывать по
Дополнительная информация
Статус:
EPSS
9.8 Critical
CVSS3
Связанные уязвимости
In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free.
In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free.
In the standard library in Rust before 1.49.0, VecDeque::make_contiguo ...
In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free.
EPSS
9.8 Critical
CVSS3