VDB

CVE-2021-29922

CVE-2021-29922 PUBLISHED

library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation.

EPSS 0.34% · 57.2th percentile

Risk Scores

EPSS Score
0.34%
57.2th percentile

Affected Products

VendorProductVersions
Ubuntu:22.04:LTSrustc1.51.0+dfsg1+llvm-1~exp3ubuntu1, 0
Ubuntu:16.04:LTSrustc1.47.0+dfsg1+llvm-1ubuntu1~16.04.1, *, *
Ubuntu:14.04:LTSrustc1.30.0+dfsg1+llvm-2ubuntu1~14.04.1, *, 1.17.0+dfsg2-8~ubuntu0.14.04.3
Ubuntu:20.04:LTSrustc1.38.0+dfsg0.2+llvm-0ubuntu2, 1.39.0+dfsg1+llvm-3ubuntu1, 1.40.0+dfsg1+llvm-5ubuntu1

Timeline

  • Jan 31, 2020 CVE Published
  • Aug 8, 2021 EPSS Score
  • Oct 6, 2021 EPSS Score
  • Dec 4, 2021 EPSS Score
  • Jan 31, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Mar 31, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 29, 2022 EPSS Score
  • Sep 25, 2022 EPSS Score
  • Nov 22, 2022 EPSS Score
  • Jan 20, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›