CVE-2020-36317

2021-04-11T20:15:00
ID CVE-2020-36317
Type cve
Reporter cve@mitre.org
Modified 2021-04-22T14:56:00

Description

In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the same string.