CVE-2019-1010299: Infoleak
First published: Mon Jul 15 2019(Updated: )
The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vec_deque::Iter. The attack vector is: The program needs to invoke debug printing for iterator over an empty VecDeque. The fixed version is: 1.30.0, nightly versions after commit b85e4cc8fadaabd41da5b9645c08c68b8f89908d.
Credit: josh@bress.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rust-lang Rust | >=1.18.0<1.30.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2019-1010299.
What is the severity of CVE-2019-1010299?
The severity of CVE-2019-1010299 is medium (5.3).
What is the impact of CVE-2019-1010299?
The impact of CVE-2019-1010299 is that contents of uninitialized memory could be printed to a string or a log file.
Which component is affected by CVE-2019-1010299?
The affected component is the Debug trait implementation for std::collections::vec_deque::Iter.
How can I fix CVE-2019-1010299?
To fix CVE-2019-1010299, update the Rust Programming Language Standard Library to a version later than 1.30.0.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/tags
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/remedy
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/rust-lang
- canonical/rust-lang rust
- version/rust-lang rust/1.18.0