Upstream information

CVE-2019-1010299 at MITRE

Description

The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vec_deque::Iter. The attack vector is: The program needs to invoke debug printing for iterator over an empty VecDeque. The fixed version is: 1.30.0, nightly versions after commit b85e4cc8fadaabd41da5b9645c08c68b8f89908d.

SUSE information

Overall state of this security issue: Pending

This issue is currently rated as having low severity.

CVSS v2 Scores

| | National Vulnerability Database |
|---|---|
| Base Score | 5 |
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | None |
| Availability Impact | None |

CVSS v3 Scores

| | National Vulnerability Database | SUSE |
|---|---|---|
| Base Score | 5.3 | 2.8 |
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N |
| Access Vector | Network | Local |
| Access Complexity | Low | Low |
| Privileges Required | None | Low |
| User Interaction | None | Required |
| Scope | Unchanged | Unchanged |
| Confidentiality Impact | Low | Low |
| Integrity Impact | None | None |
| Availability Impact | None | None |

SUSE Bugzilla entry: 1141856 [NEW]

No SUSE Security Announcements cross referenced.


Status of this issue by product and package

Please note that this evaluation state might be work in progress, incomplete or outdated. Also information for service packs in the LTSS phase is only included for issues meeting the LTSS criteria. If in doubt, feel free to contact us for clarification.

| Product(s) | Source package | State |
|---|---|---|
| SUSE Linux Enterprise Module for Development Tools 15 GA | rust | Affected |
| SUSE Linux Enterprise Module for Development Tools 15 SP1 | rust | Affected |