BID:106360

Rust CVE-2018-1000622 Rustdoc Untrusted Search Path Vulnerability

Info

Rust CVE-2018-1000622 Rustdoc Untrusted Search Path Vulnerability

Bugtraq ID:	106360
Class:	Input Validation Error
CVE:	CVE-2018-1000622
Remote:	Yes
Local:	No
Published:	Jul 09 2018 12:00AM
Updated:	Jul 09 2018 12:00AM
Credit:	Red Hat
Vulnerable:	Rust-lang Rust 1.29.1 Rust-lang Rust 1.29 Rust-lang Rust 1.28 Rust-lang Rust 1.27.2 Rust-lang Rust 1.27 Rust-lang Rust 1.26.2 Rust-lang Rust 1.26.1 Rust-lang Rust 1.26 Rust-lang Rust 1.22 Rust-lang Rust 1.21 Rust-lang Rust 1.20 Rust-lang Rust 1.19 Rust-lang Rust 1.18 Rust-lang Rust 1.17 Rust-lang Rust 1.3 Rust-lang Rust 1.2 Rust-lang Rust 1.1 Rust-lang Rust 1.0 Beta Rust-lang Rust 1.0 alpha_2 Rust-lang Rust 1.0 alpha Rust-lang Rust 1.0 Rust-lang Rust 0.12 Rust-lang Rust 0.11 Rust-lang Rust 0.9 Rust-lang Rust 0.8 Rust-lang Rust 0.10

Not Vulnerable:	Rust-lang Rust 1.27.1

Discussion

Rust CVE-2018-1000622 Rustdoc Untrusted Search Path Vulnerability

Rust is prone to an untrusted search path vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications.

Rust Programming Language version 0.8 through 1.27.0 are vulnerable.

Solution / Fix

Rust CVE-2018-1000622 Rustdoc Untrusted Search Path Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

Rust CVE-2018-1000622 Rustdoc Untrusted Search Path Vulnerability

References:

Rust Github releases (Github)
Rust Home Page (Rust)
Rust Lang Product Page (Rust)
Red Hat Bugzilla �?? Bug 1597063 (Red Hat Bugzilla)