In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked() more than once for the same index when the underlying iterator panics (in certain conditions). This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.
Weakness
The product does not handle or incorrectly handles an exceptional condition.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Rust | Rust-lang | * | 1.52.0 (excluding) |
| Red Hat Developer Tools | RedHat | rust-toolset-1.52-0:1.52.1-1.el7_9 | * |
| Red Hat Developer Tools | RedHat | rust-toolset-1.52-rust-0:1.52.1-2.el7_9 | * |
| Red Hat Enterprise Linux 8 | RedHat | rust-toolset:rhel8-8040020210603202531.2daa1a95 | * |
| Rustc | Ubuntu | bionic | * |
| Rustc | Ubuntu | esm-apps/focal | * |
| Rustc | Ubuntu | esm-apps/xenial | * |
| Rustc | Ubuntu | esm-infra-legacy/trusty | * |
| Rustc | Ubuntu | focal | * |
| Rustc | Ubuntu | groovy | * |
| Rustc | Ubuntu | hirsute | * |
| Rustc | Ubuntu | impish | * |
| Rustc | Ubuntu | jammy | * |
| Rustc | Ubuntu | kinetic | * |
| Rustc | Ubuntu | trusty | * |
| Rustc | Ubuntu | trusty/esm | * |
| Rustc | Ubuntu | upstream | * |
| Rustc | Ubuntu | xenial | * |
References
- https://github.com/rust-lang/rust/issues/81740
- https://github.com/rust-lang/rust/pull/81741
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZ337CM4GFJLRDFVQCGC7J25V65JXOG5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFUO3URYCO73D2Q4WYJBWAMJWGGVXQO4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZG65GUW6Z2CYOQHF7T3TB5CZKIX6ZJE/
- https://security.gentoo.org/glsa/202210-09
- https://github.com/rust-lang/rust/issues/81740
- https://github.com/rust-lang/rust/pull/81741
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZ337CM4GFJLRDFVQCGC7J25V65JXOG5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFUO3URYCO73D2Q4WYJBWAMJWGGVXQO4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZG65GUW6Z2CYOQHF7T3TB5CZKIX6ZJE/
- https://security.gentoo.org/glsa/202210-09