PT-2021-17971 · Rust+6

Sfackler · Published 2021-03-01 · Updated 2022-11-03 · CVE-2021-28875

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Rust versions prior to 1.50.0

Description: The issue arises from the read_to_end() function in the standard library not validating the return value from Read in an unsafe context, potentially leading to a buffer overflow.

Recommendations: For versions prior to 1.50.0, update to version 1.50.0 or later to resolve the issue. As a temporary workaround, consider adding manual validation for the return value from Read in unsafe contexts to prevent potential buffer overflows.

Exploit

Fix

Weakness Enumeration: Unchecked Return Value

Related Identifiers

ALT-PU-2021-1420
ALT-PU-2021-3365
ALT-PU-2022-1778
CESA-2021_3063
CVE-2021-28875
OESA-2021-1214
RHSA-2021:3042
RHSA-2021:3063
RHSA-2021_3063
RLSA-2021:3063

Affected Products

Alt Linux
Astra Linux
CentOS
Debian
Red Hat
Rocky Linux
Rust