CVE-2020-36323
HIGHRust < 1.52.0 - Use-After-Free via String Join Optimization
Title source: llmDescription
In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked.
References (7)
Core 7
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/rust-lang/rust/issues/80335
Patch, Third Party Advisory x_refsource_misc
https://github.com/rust-lang/rust/pull/81728
Patch, Third Party Advisory x_refsource_misc
https://github.com/rust-lang/rust/pull/81728#issuecomment-821549174
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZ337CM4GFJLRDFVQCGC7J25V65JXOG5/
Patch, Third Party Advisory x_refsource_misc
https://github.com/rust-lang/rust/pull/81728#issuecomment-824904190
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZG65GUW6Z2CYOQHF7T3TB5CZKIX6ZJE/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFUO3URYCO73D2Q4WYJBWAMJWGGVXQO4/
Scores
CVSS v3
8.2
EPSS
0.0204
EPSS Percentile
78.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Details
CWE
CWE-134
Status
published
Products (4)
fedoraproject/fedora
32
fedoraproject/fedora
33
fedoraproject/fedora
34
rust-lang/rust
< 1.52.0
Published
Apr 14, 2021
Tracked Since
Feb 18, 2026