CVE-2020-36323

In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.2 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
VendorProductVersion
rust-langrust
𝑥
< 1.52.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
rustc
bullseye
no-dsa
buster
no-dsa
stretch
no-dsa
bookworm
1.63.0+dfsg1-2
fixed
sid
1.82.0+dfsg1-2
fixed
trixie
1.82.0+dfsg1-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
rustc
noble
not-affected
mantic
not-affected
lunar
not-affected
kinetic
ignored
jammy
Fixed 1.53.0+dfsg1+llvm-4ubuntu1
released
impish
ignored
hirsute
ignored
groovy
ignored
focal
Fixed 1.53.0+dfsg1+llvm-4ubuntu1~20.04.1
released
bionic
not-affected
xenial
needed
trusty
needed
Common Weakness Enumeration
References
https://github.com/rust-lang/rust/issues/80335
https://github.com/rust-lang/rust/pull/81728
https://github.com/rust-lang/rust/pull/81728#issuecomment-821549174
https://github.com/rust-lang/rust/pull/81728#issuecomment-824904190
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZ337CM4GFJLRDFVQCGC7J25V65JXOG5/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFUO3URYCO73D2Q4WYJBWAMJWGGVXQO4/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZG65GUW6Z2CYOQHF7T3TB5CZKIX6ZJE/
https://github.com/rust-lang/rust/issues/80335
https://github.com/rust-lang/rust/pull/81728
https://github.com/rust-lang/rust/pull/81728#issuecomment-821549174
https://github.com/rust-lang/rust/pull/81728#issuecomment-824904190
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZ337CM4GFJLRDFVQCGC7J25V65JXOG5/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFUO3URYCO73D2Q4WYJBWAMJWGGVXQO4/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZG65GUW6Z2CYOQHF7T3TB5CZKIX6ZJE/