PT-2020-17585 · Rust · Abi Stable Crate

Published

2020-12-21

Updated

2021-08-25

CVE-2020-36213

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions abi stable crate versions prior to 0.9.1

Description The issue concerns soundness bugs in the abi stable crate for Rust, where a retain call can create an invalid UTF-8 string and DrainFilter lacks soundness due to a double drop. These bugs are related to issues in the Rust standard library.

Recommendations For versions prior to 0.9.1, update to version 0.9.1 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the retain call and DrainFilter function until the update is applied.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-672CWE-172

Related Identifiers

CVE-2020-36213

GHSA-VQ23-5H4F-VWPV

GHSA-WQXC-QRQ4-W5V4

RUSTSEC-2020-0105

Affected Products

Abi Stable Crate

PT-2020-17585 · Rust · Abi Stable Crate

CVE-2020-36213

Weakness Enumeration

Related Identifiers

Affected Products

References · 9