{ "CVE_data_meta" : { "ASSIGNER" : "kurt@seifried.org", "DATE_ASSIGNED" : "2018-10-05T22:22:07.614036", "DATE_REQUESTED" : "2018-09-21T20:41:05", "ID" : "CVE-2018-1000810", "REQUESTER" : "steve@steveklabnik.com", "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { "product" : { "product_data" : [ { "product_name" : "Standard Library", "version" : { "version_data" : [ { "version_value" : "1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0" } ] } } ] }, "vendor_name" : "The Rust Programming Language" } ] } }, "data_format" : "MITRE", "data_type" : "CVE", "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", "value" : "The Rust Programming Language Standard Library versions 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contain a CWE-680: Integer Overflow to Buffer Overflow vulnerability in the standard library that can result in a buffer overflow. This attack appears to be exploitable via str::repeat, which, when passed a large number, can overflow an internal buffer. This vulnerability appears to have been fixed in 1.29.1." } ] }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "eng", "value" : "CWE-680: Integer Overflow to Buffer Overflow" } ] } ] }, "references" : { "reference_data" : [ { "name" : "https://blog.rust-lang.org/2018/09/21/Security-advisory-for-std.html", "refsource" : "CONFIRM", "url" : "https://blog.rust-lang.org/2018/09/21/Security-advisory-for-std.html" }, { "name" : "https://groups.google.com/forum/#!topic/rustlang-security-announcements/CmSuTm-SaU0", "refsource" : "CONFIRM", "url" : "https://groups.google.com/forum/#!topic/rustlang-security-announcements/CmSuTm-SaU0" }, { "name" : "GLSA-201812-11", "refsource" : "GENTOO", "url" : "https://security.gentoo.org/glsa/201812-11" } ] } }