PT-2020-17497 · Rust · Os Str Bytes

Published: 2020-04-24 · Updated: 2021-08-25 · CVE-2020-35865

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

os_str_bytes crate versions prior to 2.0.0

Description

The issue arises from false expectations about the behavior of char::from_u32_unchecked. Specifically, the Windows implementation of the os_str_bytes crate relied on the behavior of std::char::from_u32_unchecked when its safety clause is violated. Although this behavior worked with Rust versions up to 1.42, it could change with any new Rust version, potentially leading to a security issue.

Recommendations

For os_str_bytes crate versions prior to 2.0.0, update to version 2.0.0 to resolve the issue.
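
The safety clause in question requires the argument to be a valid Unicode scalar value. The block below is an added example, not code from os_str_bytes or from this advisory: it shows one way to decode Windows-style UTF-16 input with the checked standard-library APIs so that no invalid char is ever constructed. The names Unit, decode_wide and checked_scalar are hypothetical, and the sample input is constructed.

```rust
// Added example (not os_str_bytes code). Windows OS strings are sequences of
// u16 code units and may contain unpaired surrogates, which are not valid
// `char` values. The checked APIs report them instead of assuming validity.

/// One decoded item: a valid Unicode scalar, or a lone surrogate kept as raw data.
#[derive(Debug, PartialEq, Clone, Copy)]
pub enum Unit {
    Scalar(char),
    LoneSurrogate(u16),
}

/// Decode UTF-16 code units without ever constructing an invalid `char`.
pub fn decode_wide(units: &[u16]) -> Vec<Unit> {
    std::char::decode_utf16(units.iter().copied())
        .map(|r| match r {
            Ok(c) => Unit::Scalar(c),
            // An unpaired surrogate comes back as an error value, not a char.
            Err(e) => Unit::LoneSurrogate(e.unpaired_surrogate()),
        })
        .collect()
}

/// Checked counterpart of char::from_u32_unchecked: returns None for
/// surrogates (0xD800..=0xDFFF) and for values above 0x10FFFF.
pub fn checked_scalar(code_point: u32) -> Option<char> {
    std::char::from_u32(code_point)
}

fn main() {
    // Constructed sample: 'a', a lone high surrogate, then U+1F600 as a valid pair.
    let wide: [u16; 4] = [0x0061, 0xD800, 0xD83D, 0xDE00];
    for unit in decode_wide(&wide) {
        println!("{:?}", unit);
    }
    // Boundary values around the ranges the safety clause excludes.
    for &cp in &[0x61u32, 0xD7FF, 0xD800, 0xDFFF, 0xE000, 0x10FFFF, 0x110000] {
        println!("{:#X} -> {:?}", cp, checked_scalar(cp));
    }
}
```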

Fix

Incorrect Type Conversion or Cast

Weakness Enumeration

Related Identifiers

CVE-2020-35865
GHSA-Q948-X8RF-888M
RUSTSEC-2020-0012

Affected Products

Os Str Bytes