In the standard library in Rust before 1.53.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked.

Reference: https://github.com/rust-lang/rust/issues/80335
Upstream patch: https://github.com/rust-lang/rust/pull/81728
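The mechanism described above, as an added example that is not code from the Rust standard library, from the upstream patch or from this bug: a first pass over the `Borrow<str>` elements sums their lengths and reserves a buffer, a second pass borrows each element again and copies it in. Before the fix the second pass copied without bounds checks and then called `set_len` with the reserved length, so a `Borrow` impl that returned a different `str` on each call could write past the buffer or leave uninitialized bytes inside the returned `String`. The names `Flaky`, `ElementGrew`, `write_at` and `join_checked` are hypothetical; `Flaky` is a constructed adversarial element; the hardened join returns `Err` where the upstream fix panics, so that the growing case can be tested, and it assumes a toolchain with `Vec::spare_capacity_mut` (stable since Rust 1.60).

```rust
// Added example, not code from the Rust standard library or from this bug.
// It re-creates the shape of the `[S]::join` optimization behind
// CVE-2020-36323 (S: Borrow<str>): pass 1 sums the element lengths and
// reserves a buffer, pass 2 copies the elements in. The hardened version below
// bounds-checks every copy and sets the final length to what was written.
use std::borrow::Borrow;
use std::cell::Cell;
use std::mem::MaybeUninit;

/// Hypothetical adversarial element (constructed for this example): reports
/// `first` the first time it is borrowed and `rest` on every later call.
pub struct Flaky {
    first: &'static str,
    rest: &'static str,
    calls: Cell<usize>,
}

impl Flaky {
    pub fn new(first: &'static str, rest: &'static str) -> Self {
        Flaky { first, rest, calls: Cell::new(0) }
    }
}

impl Borrow<str> for Flaky {
    fn borrow(&self) -> &str {
        let n = self.calls.get();
        self.calls.set(n + 1);
        if n == 0 { self.first } else { self.rest }
    }
}

/// Returned when an element is longer in the copy pass than in the length pass.
/// (The upstream fix panics at this point; an error is used here so callers can test it.)
#[derive(Debug, PartialEq, Eq)]
pub struct ElementGrew;

/// Copy `src` into `spare` at `pos`, refusing to go past the reserved length.
/// Returns the new position. This is the bounds check the fix added.
fn write_at(spare: &mut [MaybeUninit<u8>], pos: usize, src: &[u8]) -> Result<usize, ElementGrew> {
    if src.len() > spare.len() - pos {
        return Err(ElementGrew);
    }
    for (dst, &b) in spare[pos..pos + src.len()].iter_mut().zip(src) {
        dst.write(b);
    }
    Ok(pos + src.len())
}

/// Join in the hardened shape: pass 1 still computes the reservation, but pass 2
/// never trusts it. Every copy is bounds-checked, and the final length is what
/// was actually written, so an element that shrinks between the two passes
/// leaves no uninitialized bytes inside the returned String.
pub fn join_checked<S: Borrow<str>>(parts: &[S], sep: &str) -> Result<String, ElementGrew> {
    if parts.is_empty() {
        return Ok(String::new());
    }
    // Pass 1: sum the lengths the elements report right now (checked arithmetic,
    // as std does, so a huge input cannot wrap the reservation).
    let sep_total = sep
        .len()
        .checked_mul(parts.len() - 1)
        .expect("joined length overflows usize");
    let reserved = parts
        .iter()
        .map(|s| s.borrow().len())
        .try_fold(sep_total, usize::checked_add)
        .expect("joined length overflows usize");

    let mut buf: Vec<u8> = Vec::with_capacity(reserved);
    let written = {
        let spare = &mut buf.spare_capacity_mut()[..reserved];
        let mut pos = 0;
        for (i, part) in parts.iter().enumerate() {
            if i > 0 {
                pos = write_at(spare, pos, sep.as_bytes())?;
            }
            // Pass 2 borrows again; an adversarial impl may now return a
            // different slice than it reported in pass 1.
            pos = write_at(spare, pos, part.borrow().as_bytes())?;
        }
        pos
    };
    // SAFETY: write_at initialized exactly bytes [0, written) of the spare
    // capacity and written <= reserved <= capacity. The pre-fix code did
    // `set_len(reserved)` here unconditionally, which is the bug.
    unsafe { buf.set_len(written) };
    // Only whole `str` slices were copied, so the bytes are valid UTF-8.
    Ok(String::from_utf8(buf).expect("concatenation of str slices is UTF-8"))
}

fn main() {
    println!("{:?}", join_checked(&["a", "b", "c"], "-"));
    let shrinking = [Flaky::new("hello", "hi"), Flaky::new("world", "w")];
    println!("{:?}", join_checked(&shrinking, ", "));
    let growing = [Flaky::new("a", "abcdef")];
    println!("{:?}", join_checked(&growing, ""));
}
```

With `shrinking`, pass 1 reserves 12 bytes but pass 2 only writes 5, and the result is `"hi, w"` with length 5 rather than a 12-byte `String` whose tail is uninitialized; with `growing`, the second borrow is longer than the reservation and the copy is refused instead of running past the buffer.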
(In reply to Guilherme de Almeida Suckevicz from comment #0)
> In the standard library in Rust before 1.50.3,

They made a typo in the CVE -- there's no such release 1.50.3, but the referenced pull request will be released in 1.53.0. It could also get backported to beta in time for 1.52.0.
In reply to comment #1:
> (In reply to Guilherme de Almeida Suckevicz from comment #0)
> > In the standard library in Rust before 1.50.3,
>
> They made a typo in the CVE -- there's no such release 1.50.3, but the
> referenced pull request will be released in 1.53.0. It could also get
> backported to beta in time for 1.52.0.

Thanks for the heads up! I have updated comment #0 with the right affected version and also created tracker bugs for Fedora and EPEL.
Created rust tracking bugs for this issue:

Affects: epel-7 [bug 1950486]
Affects: fedora-all [bug 1950485]
This was backported to the upstream beta branch, so it will now be fixed in 1.52.0. https://github.com/rust-lang/rust/pull/84603
This issue has been addressed in the following products:

  Red Hat Developer Tools

Via RHSA-2021:3042 https://access.redhat.com/errata/RHSA-2021:3042
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-36323
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:3063 https://access.redhat.com/errata/RHSA-2021:3063