FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Rust -- violation of Rust's safety guarantees

Affected packages
1.34.0 <= rust < 1.34.2

Details

VuXML ID 37528379-76a8-11e9-a4fd-00012e582166
Discovery 2019-05-09
Entry 2019-05-15

Sean McArthur reports:

The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate Rust's safety guarantees and cause memory unsafety. If the Error::type_id method is overridden then any type can be safely cast to any other type, causing memory safety vulnerabilities in safe code (e.g., out-of-bounds write or read). Code that does not manually implement Error::type_id is unaffected.

References

CVE Name CVE-2019-12083
URL https://blog.rust-lang.org/2019/05/13/Security-advisory.html