CVE-2021-28876

Panic safety issue in Zip specialization

Issued
Package
std
Type
Vulnerability
Categories
  • memory-corruption
Details
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28876
Patched
  • >=1.52.0
Unaffected
  • <1.14.0

Description

In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked() more than once for the same index when the underlying iterator panics (in certain conditions). This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.

More