PT-2019-5079 · Rust+1 · Rust Programming Language Standard Library+1

Sean Mcarthur

·

Published

2019-05-13

·

Updated

2024-06-15

·

CVE-2019-12083

CVSS v3.1

8.1

High

VectorAV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions The Rust Programming Language Standard Library versions 1.34.x through 1.34.1 The Rust Programming Language Standard Library version 1.34.0
Description The issue is related to the Error::type id method in the Rust programming language, which can lead to memory unsafety if overridden. This can cause memory safety vulnerabilities, such as out-of-bounds write or read, in safe code. The estimated number of potentially affected devices worldwide is not available.
Recommendations For The Rust Programming Language Standard Library versions 1.34.x through 1.34.1, update to version 1.34.2 or later to resolve the issue. For The Rust Programming Language Standard Library version 1.34.0, update to version 1.34.2 or later to resolve the issue. As a temporary workaround, consider avoiding the override of the Error::type id method until a patch is available.

Exploit

Fix

Buffer Overflow

Out of bounds Read

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-125CWE-787

Related Identifiers

BDU:2020-01730
CVE-2019-12083
OPENSUSE-SU-2019:2203-1
OPENSUSE-SU-2019:2244-1
OPENSUSE-SU-2019:2294-1
OPENSUSE-SU-2019_2203-1
OPENSUSE-SU-2019_2244-1
OPENSUSE-SU-2019_2294-1
OPENSUSE-SU-2024:11359-1
OPENSUSE-SU-2024:11360-1
SUSE-SU-2019:2439-1
SUSE-SU-2019:2755-1

Affected Products

Rust Programming Language Standard Library
Suse