OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-28 15:28:09 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
d8701fad2d40aeca8e8564692f14a8d7c30a5136
advisory-db/rust/std/CVE-2020-36323.md
Yechan Bae afbc0dc9e1 Update five std CVEs (#946)
2021-07-06 12:36:13 -06:00

543 B
Raw Blame History 

[advisory]
id = "CVE-2020-36323"
package = "std"
categories = ["memory-exposure"]
date = "2020-12-23"
url = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36323"

[versions]
patched = [">= 1.52.0"]
unaffected = ["< 1.28.0"]

API soundness issue in join() implementation of [Borrow<str>]

In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked.