CVE-2021-29922

Published: 29 Mar 2021
Source: redhat
CVSS3: 7.3
EPSS: Low

Description

library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation.

A flaw was found in Rust. Extraneous zero characters at the beginning of an IP address string are not properly considered, which can allow an attacker to bypass IP-based access controls. The highest threat from this vulnerability is to data confidentiality and integrity.
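The ambiguity behind this flaw, as an added example (not code from Red Hat or the Rust project): the same zero-prefixed string names different hosts depending on whether a reader ignores the zeros or treats them as octal, so a strict check rejects such input before any access-control decision. Function names and sample strings are constructed for illustration, and the octal reader models only the leading-zero convention of C's `inet_aton`.

```rust
// Added example: helper names and sample strings are constructed for illustration.

/// Split a dotted quad and convert each all-digit octet with `octet`.
fn read_with(s: &str, octet: impl Fn(&str) -> Option<u8>) -> Option<[u8; 4]> {
    let parts: Vec<&str> = s.split('.').collect();
    if parts.len() != 4 {
        return None;
    }
    let mut out = [0u8; 4];
    for (i, &p) in parts.iter().enumerate() {
        // Digits only: rejects empty octets, signs and whitespace.
        if p.is_empty() || !p.bytes().all(|b| b.is_ascii_digit()) {
            return None;
        }
        out[i] = octet(p)?;
    }
    Some(out)
}

fn has_leading_zero(o: &str) -> bool {
    o.len() > 1 && o.starts_with('0')
}

/// Lenient reading: extra leading zeros are ignored and the octet is decimal.
fn read_decimal(s: &str) -> Option<[u8; 4]> {
    read_with(s, |o| o.parse::<u8>().ok())
}

/// Octal-aware reading: a leading zero selects base 8 (the C inet_aton convention).
fn read_octal_aware(s: &str) -> Option<[u8; 4]> {
    read_with(s, |o| {
        if has_leading_zero(o) { u8::from_str_radix(&o[1..], 8).ok() } else { o.parse::<u8>().ok() }
    })
}

/// Strict reading for access-control input: any leading zero is an error.
fn parse_strict(s: &str) -> Option<[u8; 4]> {
    read_with(s, |o| if has_leading_zero(o) { None } else { o.parse::<u8>().ok() })
}

/// True when the two lenient readers disagree about which host is named.
fn is_ambiguous(s: &str) -> bool {
    read_decimal(s) != read_octal_aware(s)
}

fn main() {
    for s in ["127.0.0.1", "0127.0.0.1", "010.8.8.8"] {
        println!("{s:>12}  decimal={:?} octal={:?} strict={:?} ambiguous={}",
            read_decimal(s), read_octal_aware(s), parse_strict(s), is_ambiguous(s));
    }
}
```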

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Developer Tools | rust-toolset-1.52-rust | Affected | | |
| Red Hat Enterprise Linux 9 | rust | Not affected | | |
| Red Hat Enterprise Linux 8 | rust-toolset | Fixed | RHSA-2021:4270 | 09.11.2021 |

Additional information

Status: Moderate
Defect: CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=1991962 rust: incorrect parsing of extraneous zero characters at the beginning of an IP address string

EPSS

Percentile: 39%
0.00175
Low

CVSS3: 7.3 High

Related vulnerabilities

CVSS3: 9.1
ubuntu
more than 4 years ago

library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation.

CVSS3: 9.1
nvd
more than 4 years ago

library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation.

CVSS3: 9.1
debian
more than 4 years ago

library/std/src/net/parser.rs in Rust before 1.53.0 does not properly ...

rocky
about 4 years ago

Moderate: rust-toolset:rhel8 security, bug fix, and enhancement update

CVSS3: 9.1
github
more than 3 years ago

library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation.
