CVE-2021-28879

CVE-2021-28879

Name

CVE-2021-28879

Description

In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://github.com/rust-lang/rust/pull/82289
MISC	https://github.com/rust-lang/rust/issues/82282
Mailing List	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CZ337CM4GFJLRDFVQCGC7J25V65JXOG5/
Mailing List	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFUO3URYCO73D2Q4WYJBWAMJWGGVXQO4/
Mailing List	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZG65GUW6Z2CYOQHF7T3TB5CZKIX6ZJE/

Type

URI

MISC

https://github.com/rust-lang/rust/pull/82289

MISC

https://github.com/rust-lang/rust/issues/82282

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CZ337CM4GFJLRDFVQCGC7J25V65JXOG5/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFUO3URYCO73D2Q4WYJBWAMJWGGVXQO4/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZG65GUW6Z2CYOQHF7T3TB5CZKIX6ZJE/

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:rust-lang:rust::::::::`	rust	>= None	< 1.52.0

CPE URI

Source package

Min version

Max version

cpe:2.3:a:rust-lang:rust:*:*:*:*:*:*:*:*

rust

>= None

< 1.52.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
rust	edge-main	1.51.0-r2	None	possibly vulnerable
rust	edge-main	1.34.2-r0	None	possibly vulnerable
rust	edge-main	1.26.0-r0	None	possibly vulnerable
rust	edge-community	1.51.0-r2	Rasmus Thomsen <oss@cogitri.dev>	possibly vulnerable
rust	edge-community	1.34.2-r0	None	possibly vulnerable
rust	edge-community	1.26.0-r0	None	possibly vulnerable
rust	3.22-main	1.51.0-r2	None	possibly vulnerable
rust	3.22-main	1.34.2-r0	None	possibly vulnerable
rust	3.22-main	1.26.0-r0	None	possibly vulnerable
rust	3.21-main	1.51.0-r2	None	possibly vulnerable
rust	3.21-main	1.34.2-r0	None	possibly vulnerable
rust	3.21-main	1.26.0-r0	None	possibly vulnerable
rust	3.20-main	1.51.0-r2	None	possibly vulnerable
rust	3.20-main	1.34.2-r0	None	possibly vulnerable
rust	3.20-main	1.26.0-r0	None	possibly vulnerable
rust	3.19-main	1.51.0-r2	None	possibly vulnerable
rust	3.19-main	1.34.2-r0	None	possibly vulnerable
rust	3.19-main	1.26.0-r0	None	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

rust

edge-main

1.51.0-r2

None

possibly vulnerable

rust

edge-main