OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-27 06:29:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add std CVE (#869)

Browse Source
This commit is contained in:
Yechan Bae
2021-04-13 17:22:28 -04:00
committed by GitHub
parent ce4db769c2
commit 22b59ea8a3
8 changed files with 128 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
rust/std/CVE-2015-20001.md Normal file
View File

@@ -0,0 +1,16 @@
```toml
[advisory]
id = "CVE-2015-20001"
package = "std"
categories = ["memory-corruption"]
date = "2015-05-27"
url = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-20001"
[versions]
patched = [">= 1.2.0"]
unaffected = ["< 1.0.0"]
```
# Panic safety violation in BinaryHeap
In the standard library in Rust before 1.2.0, BinaryHeap is not panic-safe. The binary heap is left in an inconsistent state when the comparison of generic elements inside sift_up or sift_down_range panics. This bug leads to a drop of zeroed memory as an arbitrary type, which can result in a memory safety violation.

16
rust/std/CVE-2020-36317.md Normal file
View File

@@ -0,0 +1,16 @@
```toml
[advisory]
id = "CVE-2020-36317"
package = "std"
categories = ["memory-corruption"]
date = "2020-10-28"
url = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36317"
[versions]
patched = [">= 1.49.0"]
unaffected = ["< 1.26.0"]
```
# String::retain allows safely creating invalid strings when abusing panic
In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the same string.

16
rust/std/CVE-2020-36318.md Normal file
View File

@@ -0,0 +1,16 @@
```toml
[advisory]
id = "CVE-2020-36318"
package = "std"
categories = ["memory-corruption"]
date = "2020-12-07"
url = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36318"
[versions]
patched = [">= 1.49.0"]
unaffected = ["< 1.48.0"]
```
# VecDeque::make_contiguous may duplicate the contained elements
In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free.

16
rust/std/CVE-2021-28875.md Normal file
View File

@@ -0,0 +1,16 @@
```toml
[advisory]
id = "CVE-2021-28875"
package = "std"
categories = ["memory-corruption"]
date = "2021-01-10"
url = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28875"
[versions]
patched = [">= 1.50.0"]
unaffected = ["< 1.20.0"]
```
# Logic bug in Read can cause buffer overflow in read_to_end()
In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow.

16
rust/std/CVE-2021-28876.md Normal file
View File

@@ -0,0 +1,16 @@
```toml
[advisory]
id = "CVE-2021-28876"
package = "std"
categories = ["memory-corruption"]
date = "2021-02-04"
url = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28876"
[versions]
patched = [">= 1.52.0"]
unaffected = ["< 1.14.0"]
```
# Panic safety issue in Zip specialization
In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked() more than once for the same index when the underlying iterator panics (in certain conditions). This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.

16
rust/std/CVE-2021-28877.md Normal file
View File

@@ -0,0 +1,16 @@
```toml
[advisory]
id = "CVE-2021-28877"
package = "std"
categories = ["memory-corruption"]
date = "2021-01-03"
url = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28877"
[versions]
patched = [">= 1.51.0"]
unaffected = ["< 1.11.0"]
```
# TrustedRandomAaccess specialization composes incorrectly for nested iter::Zips
In the standard library in Rust before 1.51.0, the Zip implementation calls __iterator_get_unchecked() for the same index more than once when nested. This bug can lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.

16
rust/std/CVE-2021-28878.md Normal file
View File

@@ -0,0 +1,16 @@
```toml
[advisory]
id = "CVE-2021-28878"
package = "std"
categories = ["memory-corruption"]
date = "2021-02-19"
url = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28878"
[versions]
patched = [">= 1.52.0"]
unaffected = ["< 1.14.0"]
```
# Zip may call __iterator_get_unchecked twice with the same index
In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same index (under certain conditions) when next_back() and next() are used together. This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.

16
rust/std/CVE-2021-28879.md Normal file
View File

@@ -0,0 +1,16 @@
```toml
[advisory]
id = "CVE-2021-28879"
package = "std"
categories = ["memory-corruption"]
date = "2021-02-18"
url = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28879"
[versions]
patched = [">= 1.52.0"]
unaffected = ["< 1.14.0"]
```
# Zip can cause buffer overflow when a consumed Zip iterator is used again
In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again.