20210204

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

xcb-project

CWE-252

critical

NVD

Published: 2021-02-09

Updated: 2021-02-18

Summary

An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because xcb::xproto::GetAtomNameReply::name() calls std::str::from_utf8_unchecked() on unvalidated bytes from an X server.

Vulnerable Configurations

Part	Description	Count
Application	Xcb_Project XCB Project XCB - XCB Project XCB 2020-12-10 XCB Project XCB 2021-02-04	3

Common Weakness Enumeration (CWE)

CWE-252 - Unchecked Return Value

References

https://rustsec.org/advisories/RUSTSEC-2021-0019.html