Use After Free Affecting rust-doc package, versions <0:1.52.1-1.module+el8.4.0+11282+0729bac9
Threat Intelligence
EPSS: 1.69% (88th percentile)
- Snyk ID SNYK-CENTOS8-RUSTDOC-2118820
- published 26 Jul 2021
- disclosed 28 Mar 2021
Introduced: 28 Mar 2021
CVE-2021-31162
How to fix?
Upgrade Centos:8 rust-doc to version 0:1.52.1-1.module+el8.4.0+11282+0729bac9 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream rust-doc package and not the rust-doc package as distributed by Centos.
See How to fix? for Centos:8 relevant fixed versions and status.
In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics.
References
- https://github.com/rust-lang/rust/pull/84603
- https://access.redhat.com/security/cve/CVE-2021-31162
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CZ337CM4GFJLRDFVQCGC7J25V65JXOG5/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFUO3URYCO73D2Q4WYJBWAMJWGGVXQO4/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZG65GUW6Z2CYOQHF7T3TB5CZKIX6ZJE/
- https://github.com/rust-lang/rust/issues/83618
- https://github.com/rust-lang/rust/pull/83629
- https://access.redhat.com/errata/RHSA-2021:3063
- https://security.gentoo.org/glsa/202210-09
CVSS Scores
version 3.1