What is CVE-2021-28876?

CVE-2021-28876 is a vulnerability in the standard library in Rust before version 1.52.0, related to a panic safety issue in the Zip implementation.

What is the severity of CVE-2021-28876?

The severity of CVE-2021-28876 is medium (5.3).

Which software is affected by CVE-2021-28876?

The following software is affected by CVE-2021-28876: Rust before version 1.52.0, Fedora 32, Fedora 33, and Fedora 34.

How can the panic safety issue in the Zip implementation be exploited?

If the underlying iterator panics in certain conditions, the Zip implementation may call __iterator_get_unchecked() more than once for the same index, potentially leading to a memory safety violation.

Where can I find more information about CVE-2021-28876?

More information about CVE-2021-28876 can be found at the following references: [link1](https://github.com/rust-lang/rust/issues/81740), [link2](https://github.com/rust-lang/rust/pull/81741), [link3](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CZ337CM4GFJLRDFVQCGC7J25V65JXOG5/).

Vulnerability/
CVE-2021-28876

medium

5.3

CWE

755

11/4/2021

3/8/2024

CVE-2021-28876

First published: Sun Apr 11 2021(Updated: )

In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked() more than once for the same index when the underlying iterator panics (in certain conditions). This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Rust-lang Rust	<1.52.0
Fedoraproject Fedora	=32
Fedoraproject Fedora	=33
Fedoraproject Fedora	=34

Remedy

https://github.com/rust-lang/rust/pull/81741

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-28876?
CVE-2021-28876 is a vulnerability in the standard library in Rust before version 1.52.0, related to a panic safety issue in the Zip implementation.
What is the severity of CVE-2021-28876?
The severity of CVE-2021-28876 is medium (5.3).
Which software is affected by CVE-2021-28876?
The following software is affected by CVE-2021-28876: Rust before version 1.52.0, Fedora 32, Fedora 33, and Fedora 34.
How can the panic safety issue in the Zip implementation be exploited?
If the underlying iterator panics in certain conditions, the Zip implementation may call __iterator_get_unchecked() more than once for the same index, potentially leading to a memory safety violation.
Where can I find more information about CVE-2021-28876?
More information about CVE-2021-28876 can be found at the following references: [link1](https://github.com/rust-lang/rust/issues/81740), [link2](https://github.com/rust-lang/rust/pull/81741), [link3](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CZ337CM4GFJLRDFVQCGC7J25V65JXOG5/).

collector/nvd-index
agent/references
agent/author
agent/severity
agent/weakness
agent/description
agent/type
agent/event
agent/remedy
agent/softwarecombine
agent/last-modified-date
agent/first-publish-date
agent/tags
collector/mitre-cve
source/MITRE
vendor/rust-lang
canonical/rust-lang rust
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/32
version/fedoraproject fedora/33
version/fedoraproject fedora/34