CVE-2018-1000810

Name of the Vulnerable Software and Affected Versions The Rust Programming Language Standard Library versions 1.27.1 through 1.29.0 The Rust Programming Language Standard Library version 1.27.2 The Rust Programming Language Standard Library version 1.28.0 The Rust Programming Language Standard Library versions 126.0 through 126.2 The Rust Programming Language Standard Library version 127.0

Description The issue is related to an integer overflow to buffer overflow in the standard library, which can result in a buffer overflow. This can be exploited via the str::repeat function, passed a large number, causing an internal buffer overflow.

Recommendations For version 1.27.1, update to version 1.29.1 or later. For version 1.27.2, update to version 1.29.1 or later. For version 1.28.0, update to version 1.29.1 or later. For versions 126.0 through 126.2, update to version 1.29.1 or later. For version 127.0, update to version 1.29.1 or later. As a temporary workaround, consider avoiding the use of the str::repeat function with large numbers until a patch is available.