CVE-2018-1000810
CRITICAL
Rust Programming Language Standard Library <1.29.1 - Buffer Overflow
Title source: llm
Description
The Rust Programming Language Standard Library versions 1.29.0, 1.28.0, 1.27.2, 1.27.1, 1.27.0, 1.26.2, 1.26.1 and 1.26.0 contain a CWE-680 (Integer Overflow to Buffer Overflow) vulnerability in the standard library that can result in a buffer overflow. The attack appears to be exploitable via str::repeat, which, when passed a large number, can overflow an internal buffer. The vulnerability appears to have been fixed in 1.29.1.
References (3)
Core References
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201812-11
Vendor Advisory x_refsource_confirm
https://blog.rust-lang.org/2018/09/21/Security-advisory-for-std.html
Mailing List x_refsource_confirm
https://groups.google.com/forum/#%21topic/rustlang-security-announcements/CmSuTm-SaU0
Scores
CVSS v3
9.8
EPSS
0.0295
EPSS Percentile
85.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-190
Status
published
Products (8)
rust-lang/rust 1.26.0
rust-lang/rust 1.26.1
rust-lang/rust 1.26.2
rust-lang/rust 1.27.0
rust-lang/rust 1.27.1
rust-lang/rust 1.27.2
rust-lang/rust 1.28.0
rust-lang/rust 1.29.0
Published
Oct 08, 2018
Tracked Since
Feb 18, 2026