{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-04-27T03:08:43", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/rust-lang/rust/issues/80335"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/rust-lang/rust/pull/81728"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/rust-lang/rust/pull/81728#issuecomment-821549174"}, {"name": "FEDORA-2021-d0ba1901ca", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZ337CM4GFJLRDFVQCGC7J25V65JXOG5/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/rust-lang/rust/pull/81728#issuecomment-824904190"}, {"name": "FEDORA-2021-b1ba54add6", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZG65GUW6Z2CYOQHF7T3TB5CZKIX6ZJE/"}, {"name": "FEDORA-2021-d7f74f0250", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFUO3URYCO73D2Q4WYJBWAMJWGGVXQO4/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-36323", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/rust-lang/rust/issues/80335", "refsource": "MISC", "url": "https://github.com/rust-lang/rust/issues/80335"}, {"name": "https://github.com/rust-lang/rust/pull/81728", "refsource": "MISC", "url": "https://github.com/rust-lang/rust/pull/81728"}, {"name": "https://github.com/rust-lang/rust/pull/81728#issuecomment-821549174", "refsource": "MISC", "url": "https://github.com/rust-lang/rust/pull/81728#issuecomment-821549174"}, {"name": "FEDORA-2021-d0ba1901ca", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CZ337CM4GFJLRDFVQCGC7J25V65JXOG5/"}, {"name": "https://github.com/rust-lang/rust/pull/81728#issuecomment-824904190", "refsource": "MISC", "url": "https://github.com/rust-lang/rust/pull/81728#issuecomment-824904190"}, {"name": "FEDORA-2021-b1ba54add6", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZG65GUW6Z2CYOQHF7T3TB5CZKIX6ZJE/"}, {"name": "FEDORA-2021-d7f74f0250", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFUO3URYCO73D2Q4WYJBWAMJWGGVXQO4/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:23:10.528Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/rust-lang/rust/issues/80335"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/rust-lang/rust/pull/81728"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/rust-lang/rust/pull/81728#issuecomment-821549174"}, {"name": "FEDORA-2021-d0ba1901ca", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZ337CM4GFJLRDFVQCGC7J25V65JXOG5/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/rust-lang/rust/pull/81728#issuecomment-824904190"}, {"name": "FEDORA-2021-b1ba54add6", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZG65GUW6Z2CYOQHF7T3TB5CZKIX6ZJE/"}, {"name": "FEDORA-2021-d7f74f0250", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFUO3URYCO73D2Q4WYJBWAMJWGGVXQO4/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-36323", "datePublished": "2021-04-14T06:10:09", "dateReserved": "2021-04-14T00:00:00", "dateUpdated": "2024-08-04T17:23:10.528Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rust-lang:rust:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E9A2A10-536D-4719-9D35-637A525E1E04", "versionEndExcluding": "1.52.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked."}, {"lang": "es", "value": "En la biblioteca standard en Rust versiones anteriores a 1.52.0, se presenta una optimizaci\u00f3n para unir cadenas que pueden causar que los bytes no inicializados queden expuestos (o que el programa se bloquee) si la cadena prestada cambia despu\u00e9s de que su longitud es comprobada"}], "id": "CVE-2020-36323", "lastModified": "2023-11-07T03:22:14.470", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-04-14T07:15:12.087", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/rust-lang/rust/issues/80335"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/rust-lang/rust/pull/81728"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/rust-lang/rust/pull/81728#issuecomment-821549174"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/rust-lang/rust/pull/81728#issuecomment-824904190"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZ337CM4GFJLRDFVQCGC7J25V65JXOG5/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFUO3URYCO73D2Q4WYJBWAMJWGGVXQO4/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZG65GUW6Z2CYOQHF7T3TB5CZKIX6ZJE/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-134"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2021:3042", "cpe": "cpe:/a:redhat:devtools:2021", "package": "rust-toolset-1.52-0:1.52.1-1.el7_9", "product_name": "Red Hat Developer Tools", "release_date": "2021-08-10T00:00:00Z"}, {"advisory": "RHSA-2021:3042", "cpe": "cpe:/a:redhat:devtools:2021", "package": "rust-toolset-1.52-rust-0:1.52.1-2.el7_9", "product_name": "Red Hat Developer Tools", "release_date": "2021-08-10T00:00:00Z"}, {"advisory": "RHSA-2021:3063", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "rust-toolset:rhel8-8040020210603202531.2daa1a95", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-08-10T00:00:00Z"}], "bugzilla": {"description": "rust: optimization for joining strings can cause uninitialized bytes to be exposed", "id": "1950396", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950396"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.2", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "status": "verified"}, "cwe": "CWE-20", "details": ["In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked."], "name": "CVE-2020-36323", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "rust", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2020-12-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-36323\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-36323"], "threat_severity": "Moderate"}