Home > Vulnerability Database > CVE-2020-36323

Mend.io Vulnerability Database

CVE-2020-36323

Date: April 14, 2021

In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked.

Language: RUST

Severity Score

8.2

Related Resources (16)

Url: https://github.com/rust-lang/rust/pull/81728#issuecomment-824904190

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFUO3URYCO73D2Q4WYJBWAMJWGGVXQO4/

Url: https://security-tracker.debian.org/tracker/CVE-2020-36323

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZG65GUW6Z2CYOQHF7T3TB5CZKIX6ZJE/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFUO3URYCO73D2Q4WYJBWAMJWGGVXQO4/

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-36323

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2020-36323

Url: https://security.alpinelinux.org/vuln/CVE-2020-36323

Url: https://github.com/rust-lang/rust/issues/80335

Url: https://access.redhat.com/security/cve/CVE-2020-36323

Url: https://github.com/rust-lang/rust/pull/81728#issuecomment-821549174

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZ337CM4GFJLRDFVQCGC7J25V65JXOG5/

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZG65GUW6Z2CYOQHF7T3TB5CZKIX6ZJE/

Url: https://github.com/rust-lang/rust/pull/81728

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CZ337CM4GFJLRDFVQCGC7J25V65JXOG5/

Url: https://www.mend.io/vulnerability-database/CVE-2020-36323

Severity Score

8.2

Weakness Type (CWE)

Use of Externally-Controlled Format String

CWE-134

CVSS v3.1

Base Score:	8.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	6.4
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-36323

Date: April 14, 2021

Language: RUST

Severity Score

Related Resources (16)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?