CVE-2021-28876

Panic safety issue in Zip specialization

Reported

February 4, 2021

Issued

April 13, 2021

Package

std

Type

Vulnerability

Categories

memory-corruption

Details

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28876

Patched

>=1.52.0

Unaffected

<1.14.0

Description

In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked() more than once for the same index when the underlying iterator panics (in certain conditions). This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.