PT-2020-17584 · Rust · Abi Stable Crate

Published

2020-12-21

Updated

2021-08-25

CVE-2020-36212

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions abi stable crate versions prior to 0.9.1

Description The issue is related to soundness bugs in the abi stable crate for Rust, specifically due to a double drop in DrainFilter and the potential creation of an invalid UTF-8 string. This could lead to violations of soundness. The flaw is attributed to code from the Rust standard library that contained similar soundness bugs.

Recommendations For versions prior to 0.9.1, update to version 0.9.1 or later to resolve the issue. As a temporary workaround, consider avoiding the use of DrainFilter and retain calls that could create invalid UTF-8 strings until the update is applied.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-672CWE-172

Related Identifiers

CVE-2020-36212

GHSA-VQ23-5H4F-VWPV

GHSA-WQXC-QRQ4-W5V4

RUSTSEC-2020-0105

Affected Products

Abi Stable Crate

PT-2020-17584 · Rust · Abi Stable Crate

CVE-2020-36212

Weakness Enumeration

Related Identifiers

Affected Products

References · 10