Bug 1184598 (CVE-2021-28876) - VUL-0: CVE-2021-28876: rust: panic safety issue in the Zip implementation
Summary: VUL-0: CVE-2021-28876: rust: panic safety issue in the Zip implementation
Status: RESOLVED FIXED
Alias: CVE-2021-28876
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P4 - Low : Minor
Target Milestone: ---
Assignee: William Brown
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/281613/
Whiteboard: CVSSv3.1:SUSE:CVE-2021-28876:7.5:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2021-04-12 08:47 UTC by Robert Frohl
Modified: 2022-01-21 12:53 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
QA reproducer (1.60 KB, text/rust)
2021-04-12 11:28 UTC, Robert Frohl 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Frohl 2021-04-12 08:47:01 UTC 
CVE-2021-28876

In the standard library in Rust before 1.52.0, the Zip implementation has a
panic safety issue. It calls __iterator_get_unchecked() more than once for the
same index when the underlying iterator panics (in certain conditions). This bug
could lead to a memory safety violation due to an unmet safety requirement for
the TrustedRandomAccess trait.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28876
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28876
https://github.com/rust-lang/rust/issues/81740
https://github.com/rust-lang/rust/pull/81741
Comment 1 Robert Frohl 2021-04-12 11:25:55 UTC 
tracking as affected:

- SUSE:SLE-15:Update/rust
- SUSE:SLE-15-SP1:Update/rust

also still a problem in openSUSE:Factory
Comment 2 Robert Frohl 2021-04-12 11:28:37 UTC 
Created attachment 848243 [details]
QA reproducer

> rustc CVE-2021-28876.rs && ./CVE-2021-28876

thread 'main' panicked at 'explicit panic', CVE-2021-28876.rs:42:21
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
[CVE-2021-28876.rs:49] ptr1 = 0x00007fff1dc88398
[CVE-2021-28876.rs:49] ptr2 = 0x00007fff1dc88398
Comment 3 Robert Frohl 2022-01-21 12:53:48 UTC 
also does not affect any supported version anymore, closing