CVE-2020-36317
First published: Sun Apr 11 2021(Updated: )
In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the same string.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rust-lang Rust | <1.49.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this bug in Rust?
The vulnerability ID is CVE-2020-36317.
What is the severity level of CVE-2020-36317?
The severity level of CVE-2020-36317 is high with a score of 7.5.
Which version of Rust is affected by CVE-2020-36317?
Rust versions before 1.49.0 are affected by CVE-2020-36317.
What is the nature of the vulnerability in Rust?
The vulnerability in Rust is related to a panic safety problem in the String::retain() function.
Are there any official references for CVE-2020-36317?
Yes, you can find more information about CVE-2020-36317 in GitHub issues and pull requests: [Issue #78498](https://github.com/rust-lang/rust/issues/78498) and [Pull Request #78499](https://github.com/rust-lang/rust/pull/78499).
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/remedy
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/rust-lang
- canonical/rust-lang rust