CVE-2021-28879

Zip can cause buffer overflow when a consumed Zip iterator is used again

Reported

February 18, 2021

Issued

April 13, 2021

Package

std

Type

Vulnerability

Categories

memory-corruption

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28879

Patched

>=1.52.0

Unaffected

<1.14.0

Description

In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again.

Advisory available under CC0-1.0 license.