DescriptionAn issue was discovered in the stackvector crate through 2021-02-19 for Rust. There is an out-of-bounds write in StackVec::extend if size_hint provides certain anomalous data.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
Debian Bugs986808

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
rust-stackvector (PTS)bullseye1.0.6-3fixed
bookworm, sid1.1.1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs


Search for package or bug name: Reporting problems