CVE-2018-1000657

Name: CVE-2018-1000657
Creator: NVD / NIST
Published: 2018-08-20T19:31:45.62+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.54%

Last modified Jun 17, 2026

CVE-2018-1000657 is a vulnerability of currently unknown severity. Rust Programming Language Rust standard library version Commit bfa0e1f58acf1c28d500c34ed258f09ae021893e and later; stable release 1.3.0 and later contains a Buffer Overflow vulnerability in std::collections::vec_deque::VecDeque::reserve() function that can result in Arbitrary code execution, but no proof-of-concept exploit is currently published.. This vulnerability appears to have been fixed in after commit fdfafb510b1a38f727e920dccbeeb638d39a8e60; stable release 1.22.0 and later.. EPSS estimates a 0.54% chance of exploitation in the next 30 days.

Description

Rust Programming Language Rust standard library version Commit bfa0e1f58acf1c28d500c34ed258f09ae021893e and later; stable release 1.3.0 and later contains a Buffer Overflow vulnerability in std::collections::vec_deque::VecDeque::reserve() function that can result in Arbitrary code execution, but no proof-of-concept exploit is currently published.. This vulnerability appears to have been fixed in after commit fdfafb510b1a38f727e920dccbeeb638d39a8e60; stable release 1.22.0 and later.

Metrics

EPSS Probability

0.54%

41.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-119

Affected Software

Vendor	Product	Versions
Rust-Lang	Rust	>= 1.3.0, < 1.22.0

References

http://www.securityfocus.com/bid/105188Third Party Advisory, VDB Entry
https://github.com/rust-lang/rust/commit/f71b37bc28326e272a37b938e835d4f99113eec2Patch, Third Party Advisory
https://github.com/rust-lang/rust/issues/44800Issue Tracking, Third Party Advisory
http://www.securityfocus.com/bid/105188Third Party Advisory, VDB Entry
https://github.com/rust-lang/rust/commit/f71b37bc28326e272a37b938e835d4f99113eec2Patch, Third Party Advisory
https://github.com/rust-lang/rust/issues/44800Issue Tracking, Third Party Advisory

Timeline

Published: Aug 20, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-1000657?

How severe is CVE-2018-1000657?

Severity scoring for CVE-2018-1000657 is pending analysis. The EPSS model estimates a 0.54% probability of exploitation in the next 30 days.

How do I fix CVE-2018-1000657?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-1000657?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST