CVE-2021-31162

Beschreibung:
In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics.

CWE: CWE-415 CWE-400

CVSS-Bewertung
CVSS 2: HIGH – 7.5 (Version: 2.0)
CVSS 3: CRITICAL – 9.8 (Version: 3.1)

Links:

NVD – CVE-2021-31162
CVE – CVE-2021-31162

Link (max. 20) Quelle Tags
https://github.com/rust-lang/rust/issues/83618 MISC Exploit Third Party Advisory Vendor Advisory
https://github.com/rust-lang/rust/pull/83629 MISC Patch Third Party Advisory Third Party Advisory Third Party Advisory
FEDORA-2021-d0ba1901ca FEDORA Mailing List Third Party Advisory
FEDORA-2021-d7f74f0250 FEDORA Mailing List Third Party Advisory
FEDORA-2021-b1ba54add6 FEDORA Mailing List Third Party Advisory
https://github.com/rust-lang/rust/pull/84603 CONFIRM
[oss-security] 20210510 Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets MLIST
[oss-security] 20210510 Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets MLIST
[oss-security] 20210510 Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets MLIST
[kafka-commits] 20210506 [kafka] branch 2.7 updated: KAFKA-12752: Bump Jersey deps to 2.34 due to CVE-2021-28168 (#10636) MLIST
[kafka-jira] 20210506 [GitHub] [kafka] omkreddy commented on pull request #10641: KAFKA-12752: CVE-2021-28168 upgrade jersey to 2.34 or 3.02 MLIST
[kafka-dev] 20210506 [jira] [Resolved] (KAFKA-12752) CVE-2021-28168 upgrade jersey to 2.34 or 3.02 MLIST
[kafka-commits] 20210506 [kafka] branch 2.8 updated: KAFKA-12752: Bump Jersey deps to 2.34 due to CVE-2021-28168 (#10636) MLIST
[kafka-jira] 20210506 [jira] [Resolved] (KAFKA-12752) CVE-2021-28168 upgrade jersey to 2.34 or 3.02 MLIST
[kafka-jira] 20210506 [GitHub] [kafka] omkreddy merged pull request #10636: MINOR: Bump Jersey deps to 2.34 due to CVE-2021-28168 MLIST
[kafka-jira] 20210507 [GitHub] [kafka] dongjinleekr closed pull request #10641: KAFKA-12752: CVE-2021-28168 upgrade jersey to 2.34 or 3.02 MLIST
[kafka-jira] 20210507 [GitHub] [kafka] dongjinleekr commented on pull request #10641: KAFKA-12752: CVE-2021-28168 upgrade jersey to 2.34 or 3.02 MLIST

Quelle: NVD – CVE-2021-31162
Datum Veröffentlichung: 2021-04-14T07:15Z, Datum letzte Änderung: 2021-05-11T01:15Z