VDB
CVE-2019-12083
CVE-2019-12083
PUBLISHED
CVSS 6.800000190734863 MEDIUM
The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate Rust's safety guarantees and cause memory unsafety. If the `Error::type_id` method is overridden then any type can be safely cast to any other type, causing memory safety vulnerabilities in safe code (e.g., out-of-bounds write or read). Code that does not manually implement Error::type_id is unaffected.
EPSS 0.98% · 77.1th percentile
Risk Scores
CVSS 2.0
6.800000190734863
EPSS Score
0.98%
77.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| fedoraproject | fedora | 30, 29 |
| n/a | n/a | n/a |
| rust-lang | rust | 1.34.0 |
| opensuse | leap | 15.1 |
Exploit Intelligence
- https://blog.rust-lang.org/2019/05/13/Security-advisory.html (nist-nvd)
- https://groups.google.com/forum/#%21topic/rustlang-security-announcements/aZabeCMUv70 (circl)
- FEDORA-2019-e39d4910c6 (circl)
- FEDORA-2019-f76f0e11b3 (circl)
- openSUSE-SU-2019:2203 (circl)
- openSUSE-SU-2019:2244 (circl)
- openSUSE-SU-2019:2294 (circl)
Timeline
- May 13, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://groups.google.com/forum/#%21topic/rustlang-security-announcements/aZabeCMUv70 url
- https://blog.rust-lang.org/2019/05/13/Security-advisory.html url
- FEDORA-2019-e39d4910c6 vendor-advisory
- FEDORA-2019-f76f0e11b3 vendor-advisory
- openSUSE-SU-2019:2203 vendor-advisory
- openSUSE-SU-2019:2244 vendor-advisory
- openSUSE-SU-2019:2294 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2019-12083 advisory
- https://groups.google.com/forum/#!topic/rustlang-security-announcements/aZabeCMUv70 url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HG47HYH3AQTUMBUMX3S3G5DNAY4CBW6N url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K6T4BNA5KQYJRIKIGGBOGBMR7TRXPHLR url