Skifire13

Name of the Vulnerable Software and Affected Versions: Rust versions prior to 1.52.0 Description: The issue arises in the standard library of Rust when the Zip implementation calls ` iterator get unchecked()` more than once for the same index under certain conditions, specifically when `next back()` and `next()` are used together. This can lead to a memory safety violation due to an unmet safety requirement for the `TrustedRandomAccess` trait. Recommendations: For Rust versions prior to 1.52.0, update to version 1.52.0 or later to resolve the issue. As a temporary workaround, consider avoiding the use of `next back()` and `next()` together in the Zip implementation until a patch is applied.

Name of the Vulnerable Software and Affected Versions: Rust versions prior to 1.52.0 Description: The issue arises from an integer overflow in the Zip implementation of Rust's standard library, causing it to report an incorrect size. This can lead to a buffer overflow when a consumed Zip iterator is used again. Recommendations: For versions prior to 1.52.0, update to version 1.52.0 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Rust versions prior to 1.49.0 Description: The issue is related to a panic safety problem in the `String::retain()` function. This function allows the creation of a non-UTF-8 Rust string when the provided closure panics, potentially resulting in a memory safety violation. This violation can occur when other string APIs assume that UTF-8 encoding is used on the same string. Recommendations: For versions prior to 1.49.0, update to version 1.49.0 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the `String::retain()` function until a patch is available. Restrict access to string APIs that assume UTF-8 encoding to minimize the risk of exploitation.