CVE-2020-36323

EUVD-2020-23862
In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked.
CVSS 3.x Base Score

Provider  Type     Base Score  Atk. Vector  Atk. Complexity  Priv. Required  Vector
NIST      Primary  8.2 HIGH    NETWORK      LOW              NONE            CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
EPSS Score
Percentile: 71%
Affected Products (NVD)

Vendor     Product  Version
rust-lang  rust     < 1.52.0 (vulnerable software versions)
Debian Releases

Product  Codename  Version         Status
rustc    bookworm  1.63.0+dfsg1-2  fixed
rustc    bullseye                  no-dsa
rustc    buster                    no-dsa
rustc    sid       1.82.0+dfsg1-2  fixed
rustc    stretch                   no-dsa
rustc    trixie    1.82.0+dfsg1-2  fixed
Ubuntu Releases

Product  Codename  Fixed Version                        Status
rustc    bionic                                         not-affected
rustc    focal     1.53.0+dfsg1+llvm-4ubuntu1~20.04.1   released
rustc    groovy                                         ignored
rustc    hirsute                                        ignored
rustc    impish                                         ignored
rustc    jammy     1.53.0+dfsg1+llvm-4ubuntu1           released
rustc    kinetic                                        ignored
rustc    lunar                                          not-affected
rustc    mantic                                         not-affected
rustc    noble                                          not-affected
rustc    trusty                                         needed
rustc    xenial                                         needed