cnvd - cnvd-2021-33045

cnvd-2021-33045

Vulnerability from cnvd

Title: Mozilla Rust格式化字符串错误漏洞

Description:

Rust是Mozilla基金会的一款通用、编译型编程语言。

Rust 1.52.0之前版本中的standard library存在格式化字符串错误漏洞，该漏洞源于如果在检查了借来的字符串长度后改变了它，可能会导致未初始化的字节被暴露(或者程序崩溃)。目前没有详细的漏洞细节提供。

Severity: 中

Patch Name: Mozilla Rust格式化字符串错误漏洞的补丁

Patch Description:

Rust是Mozilla基金会的一款通用、编译型编程语言。

Rust 1.52.0之前版本中的standard library存在格式化字符串错误漏洞，该漏洞源于如果在检查了借来的字符串长度后改变了它，可能会导致未初始化的字节被暴露(或者程序崩溃)。目前没有详细的漏洞细节提供。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： https://github.com/rust-lang/rust

Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-36323

Impacted products

Name
Mozilla Rust <1.52.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-36323",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-36323"
    }
  },
  "description": "Rust\u662fMozilla\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u901a\u7528\u3001\u7f16\u8bd1\u578b\u7f16\u7a0b\u8bed\u8a00\u3002\n\nRust 1.52.0\u4e4b\u524d\u7248\u672c\u4e2d\u7684standard library\u5b58\u5728\u683c\u5f0f\u5316\u5b57\u7b26\u4e32\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5982\u679c\u5728\u68c0\u67e5\u4e86\u501f\u6765\u7684\u5b57\u7b26\u4e32\u957f\u5ea6\u540e\u6539\u53d8\u4e86\u5b83\uff0c\u53ef\u80fd\u4f1a\u5bfc\u81f4\u672a\u521d\u59cb\u5316\u7684\u5b57\u8282\u88ab\u66b4\u9732(\u6216\u8005\u7a0b\u5e8f\u5d29\u6e83)\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://github.com/rust-lang/rust",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-33045",
  "openTime": "2021-05-07",
  "patchDescription": "Rust\u662fMozilla\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u901a\u7528\u3001\u7f16\u8bd1\u578b\u7f16\u7a0b\u8bed\u8a00\u3002\r\n\r\nRust 1.52.0\u4e4b\u524d\u7248\u672c\u4e2d\u7684standard library\u5b58\u5728\u683c\u5f0f\u5316\u5b57\u7b26\u4e32\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5982\u679c\u5728\u68c0\u67e5\u4e86\u501f\u6765\u7684\u5b57\u7b26\u4e32\u957f\u5ea6\u540e\u6539\u53d8\u4e86\u5b83\uff0c\u53ef\u80fd\u4f1a\u5bfc\u81f4\u672a\u521d\u59cb\u5316\u7684\u5b57\u8282\u88ab\u66b4\u9732(\u6216\u8005\u7a0b\u5e8f\u5d29\u6e83)\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Mozilla Rust\u683c\u5f0f\u5316\u5b57\u7b26\u4e32\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Mozilla Rust \u003c1.52.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-36323",
  "serverity": "\u4e2d",
  "submitTime": "2021-05-06",
  "title": "Mozilla Rust\u683c\u5f0f\u5316\u5b57\u7b26\u4e32\u9519\u8bef\u6f0f\u6d1e"
}

CVE-2020-36323 (GCVE-0-2020-36323)

Vulnerability from cvelistv5

Published

2021-04-14 06:10

Modified

2024-08-04 17:23

Severity ?

CWE

Summary

In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked.

References

▼	URL	Tags
	https://github.com/rust-lang/rust/issues/80335	x_refsource_MISC
	https://github.com/rust-lang/rust/pull/81728	x_refsource_MISC
	https://github.com/rust-lang/rust/pull/81728#issuecomment-821549174	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZ337CM4GFJLRDFVQCGC7J25V65JXOG5/	vendor-advisory, x_refsource_FEDORA
	https://github.com/rust-lang/rust/pull/81728#issuecomment-824904190	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZG65GUW6Z2CYOQHF7T3TB5CZKIX6ZJE/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFUO3URYCO73D2Q4WYJBWAMJWGGVXQO4/	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:23:10.528Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/rust-lang/rust/issues/80335"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/rust-lang/rust/pull/81728"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/rust-lang/rust/pull/81728#issuecomment-821549174"
          },
          {
            "name": "FEDORA-2021-d0ba1901ca",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZ337CM4GFJLRDFVQCGC7J25V65JXOG5/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/rust-lang/rust/pull/81728#issuecomment-824904190"
          },
          {
            "name": "FEDORA-2021-b1ba54add6",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZG65GUW6Z2CYOQHF7T3TB5CZKIX6ZJE/"
          },
          {
            "name": "FEDORA-2021-d7f74f0250",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFUO3URYCO73D2Q4WYJBWAMJWGGVXQO4/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-27T03:08:43",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rust-lang/rust/issues/80335"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rust-lang/rust/pull/81728"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rust-lang/rust/pull/81728#issuecomment-821549174"
        },
        {
          "name": "FEDORA-2021-d0ba1901ca",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZ337CM4GFJLRDFVQCGC7J25V65JXOG5/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rust-lang/rust/pull/81728#issuecomment-824904190"
        },
        {
          "name": "FEDORA-2021-b1ba54add6",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZG65GUW6Z2CYOQHF7T3TB5CZKIX6ZJE/"
        },
        {
          "name": "FEDORA-2021-d7f74f0250",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFUO3URYCO73D2Q4WYJBWAMJWGGVXQO4/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-36323",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/rust-lang/rust/issues/80335",
              "refsource": "MISC",
              "url": "https://github.com/rust-lang/rust/issues/80335"
            },
            {
              "name": "https://github.com/rust-lang/rust/pull/81728",
              "refsource": "MISC",
              "url": "https://github.com/rust-lang/rust/pull/81728"
            },
            {
              "name": "https://github.com/rust-lang/rust/pull/81728#issuecomment-821549174",
              "refsource": "MISC",
              "url": "https://github.com/rust-lang/rust/pull/81728#issuecomment-821549174"
            },
            {
              "name": "FEDORA-2021-d0ba1901ca",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CZ337CM4GFJLRDFVQCGC7J25V65JXOG5/"
            },
            {
              "name": "https://github.com/rust-lang/rust/pull/81728#issuecomment-824904190",
              "refsource": "MISC",
              "url": "https://github.com/rust-lang/rust/pull/81728#issuecomment-824904190"
            },
            {
              "name": "FEDORA-2021-b1ba54add6",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZG65GUW6Z2CYOQHF7T3TB5CZKIX6ZJE/"
            },
            {
              "name": "FEDORA-2021-d7f74f0250",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFUO3URYCO73D2Q4WYJBWAMJWGGVXQO4/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-36323",
    "datePublished": "2021-04-14T06:10:09",
    "dateReserved": "2021-04-14T00:00:00",
    "dateUpdated": "2024-08-04T17:23:10.528Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted