PT-2021-6466 · Rust+7
Cheng Xu +5 · Published 2021-03-29 · Updated 2022-11-07

CVE-2021-29922

| CVSS v2.0 | 9.4 Critical |
| Vector | AV:N/AC:L/Au:N/C:N/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Rust versions prior to 1.53.0
Description
The IPv4 string parser in library/std/src/net/parser.rs (the `FromStr` implementations behind `Ipv4Addr`, `SocketAddrV4` and the other `std::net` address types) did not handle octets with leading zeros consistently with the rest of the ecosystem. Rust before 1.53.0 accepted an octet such as `0177` and read it as decimal 177, whereas many other parsers, notably the POSIX `inet_aton` family used by C libraries and the behaviour discussed in RFC 6943 section 3.1.1, treat a leading zero as an octal prefix and read `0177` as 127. Two components handling the same string therefore disagree on the address it denotes: a Rust filter may decide that `0177.0.0.1` is the public host 177.0.0.1 and let it through, while the component that actually opens the connection resolves it to 127.0.0.1. In some situations this lets an attacker bypass access control based on IP addresses (allowlists, denylists, SSRF filters), with integrity and availability impact.
Recommendations
Update the toolchain to Rust 1.53.0 or later and rebuild: the standard library is statically linked into every Rust binary, so each affected program must be recompiled with the fixed toolchain; updating a distribution's rustc package alone does not patch binaries that were already built. The fixed parser rejects any octet that has a leading zero unless the octet is exactly `0`. Where rebuilding is not yet possible, validate IP strings from untrusted input before they reach the parser: reject any octet that is not plain decimal without leading zeros, and make access decisions on the parsed `Ipv4Addr` value rather than on the original string, so that every component along the path (the Rust checker, C libraries calling `inet_aton`, the operating system, the firewall) agrees on which address is being authorized. Avoid leading-zero IP literals in your own configuration files until all components are on the fixed version.
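The parser disagreement described above, and the strict rule the recommendation relies on, as an added example (this is not code from the Rust project or from this advisory). The three octet rules are re-implementations written here for illustration: `octet_lenient` mimics the pre-1.53 decimal reading, `octet_inet_aton` mimics the glibc/BSD `inet_aton` conventions (leading `0x` is hexadecimal, leading `0` is octal) for the four-part form only, and `octet_strict` applies the post-1.53 rule. The `allowed_by_denylist` helper and the sample strings are constructed for the demonstration; on a toolchain at or above 1.53.0 the standard library's own `Ipv4Addr` parser agrees with the strict rule, which the `std=` column in `main` shows.

```rust
use std::net::Ipv4Addr;

/// Split an IPv4 string into exactly four dotted parts and convert each with `octet`.
/// Shared scaffolding for the three octet rules below (illustration only, not std's parser).
fn parse_with(s: &str, octet: fn(&str) -> Option<u8>) -> Option<Ipv4Addr> {
    let mut it = s.split('.');
    let parts = [it.next()?, it.next()?, it.next()?, it.next()?];
    if it.next().is_some() {
        return None; // more than four parts
    }
    let mut octets = [0u8; 4];
    for (slot, part) in octets.iter_mut().zip(parts.iter().copied()) {
        *slot = octet(part)?;
    }
    Some(Ipv4Addr::from(octets))
}

/// Pre-1.53 style: any run of decimal digits that fits in a u8, leading zeros ignored
/// ("0177" -> 177). u8::from_str itself tolerates leading zeros, which is the point.
fn octet_lenient(p: &str) -> Option<u8> {
    if p.is_empty() || !p.bytes().all(|b| b.is_ascii_digit()) {
        return None;
    }
    p.parse::<u8>().ok()
}

/// inet_aton style (glibc/BSD): a "0x" prefix is hexadecimal, a leading "0" is octal
/// ("0177" -> 127). Only the four-part form is modelled; inet_aton also accepts one- to
/// three-part forms, which are not needed to show the disagreement.
fn octet_inet_aton(p: &str) -> Option<u8> {
    let (digits, radix) = if let Some(h) = p.strip_prefix("0x").or_else(|| p.strip_prefix("0X")) {
        (h, 16)
    } else if p.len() > 1 && p.starts_with('0') {
        (&p[1..], 8)
    } else {
        (p, 10)
    };
    if digits.is_empty() || !digits.chars().all(|c| c.is_digit(radix)) {
        return None;
    }
    let v = u32::from_str_radix(digits, radix).ok()?;
    if v > 255 { None } else { Some(v as u8) }
}

/// Post-1.53 rule: one to three decimal digits, and a leading zero only when the octet
/// is exactly "0". Anything else is rejected instead of being guessed at.
fn octet_strict(p: &str) -> Option<u8> {
    let shape_ok = !p.is_empty()
        && p.len() <= 3
        && p.bytes().all(|b| b.is_ascii_digit())
        && (p.len() == 1 || !p.starts_with('0'));
    if !shape_ok {
        return None;
    }
    p.parse::<u8>().ok()
}

pub fn parse_lenient(s: &str) -> Option<Ipv4Addr> { parse_with(s, octet_lenient) }
pub fn parse_inet_aton_like(s: &str) -> Option<Ipv4Addr> { parse_with(s, octet_inet_aton) }
pub fn parse_strict(s: &str) -> Option<Ipv4Addr> { parse_with(s, octet_strict) }

/// A denylist check as an SSRF filter might write it: refuse loopback and private targets.
/// `parse` is whichever rule the filtering component uses. None means the string was
/// rejected outright; Some(true) means the target is allowed.
pub fn allowed_by_denylist(s: &str, parse: fn(&str) -> Option<Ipv4Addr>) -> Option<bool> {
    parse(s).map(|a| !(a.is_loopback() || a.is_private()))
}

fn main() {
    // Constructed inputs: the first is ordinary, the rest exercise leading zeros and hex.
    for &s in ["127.0.0.1", "0177.0.0.1", "012.0.0.1", "0x7f.0.0.1"].iter() {
        println!(
            "{:>12}  lenient={:?}  inet_aton={:?}  strict={:?}  std={:?}",
            s,
            parse_lenient(s),
            parse_inet_aton_like(s),
            parse_strict(s),
            s.parse::<Ipv4Addr>().ok(),
        );
    }
    // The bypass: a lenient filter passes "0177.0.0.1" as public 177.0.0.1, while an
    // inet_aton-based client given the same string connects to 127.0.0.1.
    println!(
        "filter(lenient)={:?}  client(inet_aton)={:?}",
        allowed_by_denylist("0177.0.0.1", parse_lenient),
        parse_inet_aton_like("0177.0.0.1"),
    );
}
```

The strict rule is the safe one for a filter because it refuses to assign any meaning to an ambiguous octet; a filter that normalizes leading zeros one way or the other is still only correct if every downstream consumer normalizes the same way.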
Weakness Enumeration
Improper Access Control

Related Identifiers
CVE-2021-29922

Affected Products
ALT Linux
AlmaLinux
Astra Linux
CentOS
Debian
Red Hat
Rocky Linux
Rust