CVE-2019-12083 — Vulnetix

Try Vulnetix Request Demo

CVE-2019-12083 PUBLISHED CVSS 6.800000190734863 MEDIUM

The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate Rust's safety guarantees and cause memory unsafety. If the `Error::type_id` method is overridden then any type can be safely cast to any other type, causing memory safety vulnerabilities in safe code (e.g., out-of-bounds write or read). Code that does not manually implement Error::type_id is unaffected.

EPSS 0.76% · 73.3th percentile

Risk Scores

CVSS v2.0

6.800000190734863

EPSS Score

0.76%

73.3th percentile

Affected Products

Vendor	Product	Versions
fedoraproject	fedora	29, 30
n/a	n/a	n/a
rust-lang	rust	1.34.0
opensuse	leap	15.1

Timeline

May 13, 2019 CVE Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Aug 23, 2021 EPSS Score
Dec 25, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Feb 25, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Jun 29, 2022 EPSS Score
Aug 31, 2022 EPSS Score
Nov 1, 2022 EPSS Score

References

https://groups.google.com/forum/#%21topic/rustlang-security-announcements/aZabeCMUv70 url
https://blog.rust-lang.org/2019/05/13/Security-advisory.html url
FEDORA-2019-e39d4910c6 vendor-advisory
FEDORA-2019-f76f0e11b3 vendor-advisory
openSUSE-SU-2019:2203 vendor-advisory
openSUSE-SU-2019:2244 vendor-advisory
openSUSE-SU-2019:2294 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2019-12083 advisory
https://groups.google.com/forum/#!topic/rustlang-security-announcements/aZabeCMUv70 url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HG47HYH3AQTUMBUMX3S3G5DNAY4CBW6N url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K6T4BNA5KQYJRIKIGGBOGBMR7TRXPHLR url

Open in Interactive Console →