CVE-2020-36318

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-36318
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-36318.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-36318
Related
Published
2021-04-11T20:15:12Z
Modified
2024-09-18T03:14:32.792183Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free.

References

Affected packages

Debian:11 / rustc

Package

Name
rustc
Purl
pkg:deb/debian/rustc?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.48.0+dfsg1-2
1.49.0~beta.4+dfsg1-1~exp1
1.49.0+dfsg1-1~exp1
1.49.0+dfsg1-1
1.49.0+dfsg1-2
1.50.0+dfsg1-1~exp1
1.50.0+dfsg1-1~exp2
1.50.0+dfsg1-1~exp3
1.50.0+dfsg1-1~exp4
1.50.0+dfsg1-1
1.51.0+dfsg1-1~exp1
1.51.0+dfsg1-1~exp2
1.51.0+dfsg1-1~exp3
1.51.0+dfsg1-1
1.52.0~beta.3+dfsg1-1~exp1
1.52.0~beta.3+dfsg1-1~exp2
1.52.0~beta.3+dfsg1-1~exp3
1.52.0~beta.3+dfsg1-1~exp4
1.52.0+dfsg1-1~exp1
1.52.1+dfsg1-1~exp1
1.52.1+dfsg1-1~exp2
1.52.1+dfsg1-1~exp3
1.52.1+dfsg1-1
1.53.0+dfsg1-1~exp1
1.53.0+dfsg1-1
1.53.0+dfsg1-2
1.53.0+dfsg1-3
1.53.0+dfsg1-4
1.54.0+dfsg1-1~exp1
1.54.0+dfsg1-1
1.54.0+dfsg1-2
1.54.0+dfsg1-3
1.55.0+dfsg1-0
1.55.0+dfsg1-1~exp1
1.55.0+dfsg1-1
1.55.0+dfsg1-2
1.56.0~beta.4+dfsg1-1~exp1
1.56.0~beta.4+dfsg1-1~exp2
1.56.0+dfsg1-1
1.56.0+dfsg1-2
1.57.0+dfsg1-1~exp1
1.57.0+dfsg1-1
1.58.1+dfsg1-1~exp1
1.58.1+dfsg1-1
1.59.0+dfsg1-1~exp1
1.59.0+dfsg1-1
1.59.0+dfsg1-2
1.60.0+dfsg1-1~exp1
1.60.0+dfsg1-1
1.61.0+dfsg1-1~exp1
1.61.0+dfsg1-1
1.61.0+dfsg1-2
1.62.1+dfsg1-1~exp1
1.62.1+dfsg1-1
1.63.0+dfsg1-1~exp1
1.63.0+dfsg1-1
1.63.0+dfsg1-2
1.64.0+dfsg1-1~exp1
1.64.0+dfsg1-1~exp2
1.64.0+dfsg1-1~exp3
1.64.0+dfsg1-1~exp4
1.64.0+dfsg1-1
1.65.0+dfsg1-1~exp1
1.65.0+dfsg1-1~exp2
1.65.0+dfsg1-1~exp3
1.65.0+dfsg1-1
1.65.0+dfsg1-2
1.66.0+dfsg1-1~exp1
1.66.0+dfsg1-1
1.67.1+dfsg1-1~exp1
1.67.1+dfsg1-1
1.68.2+dfsg1-1~exp1
1.68.2+dfsg1-1
1.69.0+dfsg1-1~exp1
1.69.0+dfsg1-1~exp2
1.69.0+dfsg1-1
1.70.0+dfsg1-1~exp1
1.70.0+dfsg1-1~exp2
1.70.0+dfsg1-1~exp3
1.70.0+dfsg1-1
1.70.0+dfsg1-2~exp1
1.70.0+dfsg1-2
1.70.0+dfsg1-3
1.70.0+dfsg1-4
1.70.0+dfsg1-5
1.70.0+dfsg1-6
1.70.0+dfsg1-7
1.70.0+dfsg1-8
1.70.0+dfsg1-8.1
1.70.0+dfsg1-9
1.70.0+dfsg2-1~exp1
1.70.0+dfsg2-1~exp2
1.70.0+dfsg2-1~exp3
1.70.0+dfsg2-1
1.70.0+dfsg2-1+loong64
1.71.1+dfsg1-1~exp1
1.71.1+dfsg1-1~exp2
1.71.1+dfsg1-1
1.71.1+dfsg1-2
1.72.1+dfsg1-1~exp1
1.72.1+dfsg1-1~exp2
1.72.1+dfsg1-1
1.72.1+dfsg1-1+hurd.1
1.73.0+dfsg1-1~exp1
1.73.0+dfsg1-1
1.73.0+dfsg1-1+hurd.1
1.73.0+dfsg1-1+loong64
1.74.1+dfsg1-1~exp1
1.74.1+dfsg1-1
1.74.1+dfsg1-1+hurd.1
1.75.0+dfsg1-1~exp1
1.75.0+dfsg1-1
1.75.0+dfsg1-2
1.75.0+dfsg1-3
1.75.0+dfsg1-4
1.75.0+dfsg1-4+hurd.1
1.75.0+dfsg1-5
1.76.0+dfsg1-1~exp1
1.76.0+dfsg1-1
1.76.0+dfsg1-1+hurd.1
1.77.2+dfsg1-1~exp1
1.77.2+dfsg1-1
1.78.0+dfsg1-1~exp1
1.78.0+dfsg1-2
1.79.0+dfsg1-1~exp1
1.79.0+dfsg1-1
1.79.0+dfsg1-2
1.79.0+dfsg1-2+hurd.1
1.80.0+dfsg1-1~exp1
1.80.1+dfsg1-1~exp1
1.80.1+dfsg1-1
1.80.1+dfsg1-1+hurd.1
1.81.0+dfsg1-1~exp1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / rustc

Package

Name
rustc
Purl
pkg:deb/debian/rustc?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.53.0+dfsg1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / rustc

Package

Name
rustc
Purl
pkg:deb/debian/rustc?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.53.0+dfsg1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/rust-lang/rust

Affected ranges

Type
GIT
Repo
https://github.com/rust-lang/rust
Events