CVE-2020-36323
8.2
HIGH
CVSS 3.1
EPSS 1.0%
Description
In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked.
How to fix CVE-2020-36323
To remediate CVE-2020-36323, upgrade the affected package to a fixed version below.
- Alpine/rust—upgrade to 1.51.0-r2 or later
- Debian/rustc—no fix listed
Is CVE-2020-36323 being exploited?
Low — EPSS is 1.0%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1.51.0-r2
- from 0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H |