CVE-2021-28878

Name
CVE-2021-28878
Description
In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same index (under certain conditions) when next_back() and next() are used together. This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://github.com/rust-lang/rust/issues/82291
MISC https://github.com/rust-lang/rust/pull/82292
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CZ337CM4GFJLRDFVQCGC7J25V65JXOG5/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFUO3URYCO73D2Q4WYJBWAMJWGGVXQO4/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZG65GUW6Z2CYOQHF7T3TB5CZKIX6ZJE/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:rust-lang:rust:*:*:*:*:*:*:*:* rust >= None < 1.52.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
rust 3.13-community 1.47.0-r2 Rasmus Thomsen <oss@cogitri.dev> possibly vulnerable