{"id":"UBUNTU-CVE-2018-1000657","details":"Rust Programming Language Rust standard library version Commit bfa0e1f58acf1c28d500c34ed258f09ae021893e and later; stable release 1.3.0 and later contains a Buffer Overflow vulnerability in std::collections::vec_deque::VecDeque::reserve() function that can result in Arbitrary code execution, but no proof-of-concept exploit is currently published.. This vulnerability appears to have been fixed in after commit fdfafb510b1a38f727e920dccbeeb638d39a8e60; stable release 1.22.0 and later.","modified":"2025-07-16T07:18:35.409867Z","published":"2018-08-20T19:31:00Z","withdrawn":"2025-07-18T16:44:53Z","upstream":["CVE-2018-1000657"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-1000657"},{"type":"REPORT","url":"https://github.com/rust-lang/rust/issues/44800"},{"type":"REPORT","url":"https://github.com/rust-lang/rust/commit/f71b37bc28326e272a37b938e835d4f99113eec2"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2018-1000657"}],"affected":[{"package":{"name":"rustc","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/rustc@1.25.0+dfsg1+llvm-0ubuntu1~14.04.1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.25.0+dfsg1+llvm-0ubuntu1~14.04.1"}]}],"versions":["1.15.1+dfsg0-1~exp1ubuntu2~14.04.7","1.17.0+dfsg2-8~ubuntu0.14.04.3","1.21.0+dfsg1+llvm-0ubuntu3~14.04.5","1.22.1+dfsg1+llvm-0ubuntu2~14.04.2","1.24.1+dfsg1+llvm-0ubuntu1~14.04.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"1.25.0+dfsg1+llvm-0ubuntu1~14.04.1","binary_name":"libstd-rust-1.25"},{"binary_version":"1.25.0+dfsg1+llvm-0ubuntu1~14.04.1","binary_name":"libstd-rust-1.25-dbgsym"},{"binary_version":"1.25.0+dfsg1+llvm-0ubuntu1~14.04.1","binary_name":"libstd-rust-dev"},{"binary_version":"1.25.0+dfsg1+llvm-0ubuntu1~14.04.1","binary_name":"libstd-rust-dev-dbgsym"},{"binary_version":"1.25.0+dfsg1+llvm-0ubuntu1~14.04.1","binary_name":"rust-doc"},{"binary_version":"1.25.0+dfsg1+llvm-0ubuntu1~14.04.1","binary_name":"rust-gdb"},{"binary_version":"1.25.0+dfsg1+llvm-0ubuntu1~14.04.1","binary_name":"rust-lldb"},{"binary_version":"1.25.0+dfsg1+llvm-0ubuntu1~14.04.1","binary_name":"rust-src"},{"binary_version":"1.25.0+dfsg1+llvm-0ubuntu1~14.04.1","binary_name":"rustc"},{"binary_version":"1.25.0+dfsg1+llvm-0ubuntu1~14.04.1","binary_name":"rustc-dbgsym"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-1000657.json"}},{"package":{"name":"rustc","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/rustc@1.25.0+dfsg1+llvm-0ubuntu1~16.04.1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.25.0+dfsg1+llvm-0ubuntu1~16.04.1"}]}],"versions":["1.7.0+dfsg1-1","1.15.1+dfsg0-1~exp1ubuntu2~16.04.3","1.17.0+dfsg2-8~ubuntu0.16.04.2","1.21.0+dfsg1+llvm-0ubuntu3~16.04.1","1.22.1+dfsg1+llvm-0ubuntu2~16.04.2","1.24.1+dfsg1+llvm-0ubuntu1~16.04.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"1.25.0+dfsg1+llvm-0ubuntu1~16.04.1","binary_name":"libstd-rust-1.25"},{"binary_version":"1.25.0+dfsg1+llvm-0ubuntu1~16.04.1","binary_name":"libstd-rust-1.25-dbgsym"},{"binary_version":"1.25.0+dfsg1+llvm-0ubuntu1~16.04.1","binary_name":"libstd-rust-dev"},{"binary_version":"1.25.0+dfsg1+llvm-0ubuntu1~16.04.1","binary_name":"libstd-rust-dev-dbgsym"},{"binary_version":"1.25.0+dfsg1+llvm-0ubuntu1~16.04.1","binary_name":"rust-doc"},{"binary_version":"1.25.0+dfsg1+llvm-0ubuntu1~16.04.1","binary_name":"rust-gdb"},{"binary_version":"1.25.0+dfsg1+llvm-0ubuntu1~16.04.1","binary_name":"rust-lldb"},{"binary_version":"1.25.0+dfsg1+llvm-0ubuntu1~16.04.1","binary_name":"rust-src"},{"binary_version":"1.25.0+dfsg1+llvm-0ubuntu1~16.04.1","binary_name":"rustc"},{"binary_version":"1.25.0+dfsg1+llvm-0ubuntu1~16.04.1","binary_name":"rustc-dbgsym"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-1000657.json"}},{"package":{"name":"rustc","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/rustc@1.25.0+dfsg1+llvm-0ubuntu1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.25.0+dfsg1+llvm-0ubuntu1"}]}],"versions":["1.18.0+dfsg1-4ubuntu1","1.24.1+dfsg1+llvm-0ubuntu1","1.24.1+dfsg1+llvm-0ubuntu2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"1.25.0+dfsg1+llvm-0ubuntu1","binary_name":"libstd-rust-1.25"},{"binary_version":"1.25.0+dfsg1+llvm-0ubuntu1","binary_name":"libstd-rust-1.25-dbgsym"},{"binary_version":"1.25.0+dfsg1+llvm-0ubuntu1","binary_name":"libstd-rust-dev"},{"binary_version":"1.25.0+dfsg1+llvm-0ubuntu1","binary_name":"libstd-rust-dev-dbgsym"},{"binary_version":"1.25.0+dfsg1+llvm-0ubuntu1","binary_name":"rust-doc"},{"binary_version":"1.25.0+dfsg1+llvm-0ubuntu1","binary_name":"rust-gdb"},{"binary_version":"1.25.0+dfsg1+llvm-0ubuntu1","binary_name":"rust-lldb"},{"binary_version":"1.25.0+dfsg1+llvm-0ubuntu1","binary_name":"rust-src"},{"binary_version":"1.25.0+dfsg1+llvm-0ubuntu1","binary_name":"rustc"},{"binary_version":"1.25.0+dfsg1+llvm-0ubuntu1","binary_name":"rustc-dbgsym"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-1000657.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}