{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the same string."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-04-11T19:06:28", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/rust-lang/rust/issues/78498"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/rust-lang/rust/pull/78499"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-36317", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the same string."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/rust-lang/rust/issues/78498", "refsource": "MISC", "url": "https://github.com/rust-lang/rust/issues/78498"}, {"name": "https://github.com/rust-lang/rust/pull/78499", "refsource": "MISC", "url": "https://github.com/rust-lang/rust/pull/78499"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:23:10.174Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/rust-lang/rust/issues/78498"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/rust-lang/rust/pull/78499"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-36317", "datePublished": "2021-04-11T19:06:28", "dateReserved": "2021-04-11T00:00:00", "dateUpdated": "2024-08-04T17:23:10.174Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rust-lang:rust:*:*:*:*:*:*:*:*", "matchCriteriaId": "BD1E66EA-8E0B-4250-9221-20DAECA969B5", "versionEndExcluding": "1.49.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the same string."}, {"lang": "es", "value": "En la biblioteca est\u00e1ndar en Rust versiones anteriores a 1.49.0, la funci\u00f3n String::retener() presenta un problema de seguridad de p\u00e1nico. Permite una creaci\u00f3n de una cadena Rust que no sea UTF-8 cuando el cierre provisto entra en p\u00e1nico. Este bug podr\u00eda resultar en una violaci\u00f3n de seguridad de la memoria cuando otras API de cadena asumen que es usada una codificaci\u00f3n UTF-8 en la misma cadena"}], "id": "CVE-2020-36317", "lastModified": "2022-06-28T14:11:45.273", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-04-11T20:15:12.390", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/rust-lang/rust/issues/78498"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/rust-lang/rust/pull/78499"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2021:2243", "cpe": "cpe:/a:redhat:devtools:2021", "package": "rust-toolset-1.49-0:1.49.0-1.el7_9", "product_name": "Red Hat Developer Tools", "release_date": "2021-06-03T00:00:00Z"}, {"advisory": "RHSA-2021:2243", "cpe": "cpe:/a:redhat:devtools:2021", "package": "rust-toolset-1.49-rust-0:1.49.0-1.el7_9", "product_name": "Red Hat Developer Tools", "release_date": "2021-06-03T00:00:00Z"}, {"advisory": "RHSA-2021:1935", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "rust-toolset:rhel8-8040020210113215649.bd734dca", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-05-18T00:00:00Z"}], "bugzilla": {"description": "rust: memory safety violation in String::retain()", "id": "1949189", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1949189"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "status": "verified"}, "cwe": "CWE-119", "details": ["In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the same string."], "name": "CVE-2020-36317", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "rust", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2020-10-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-36317\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-36317"], "threat_severity": "Low", "upstream_fix": "rust 1.49.0"}