CVE-2018-1000810

Name: CVE-2018-1000810
Creator: NVD / NIST
Published: 2018-10-08T15:29:01.227+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.96%

Last modified Jun 17, 2026

CVE-2018-1000810 is a vulnerability of currently unknown severity. The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in standard library that can result in buffer overflow. This attack appear to be exploitable via str::repeat, passed a large number, can overflow an internal buffer. EPSS estimates a 2.96% chance of exploitation in the next 30 days.

Description

The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in standard library that can result in buffer overflow. This attack appear to be exploitable via str::repeat, passed a large number, can overflow an internal buffer. This vulnerability appears to have been fixed in 1.29.1.

Metrics

EPSS Probability

2.96%

85.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-190

Affected Software

Vendor	Product	Versions
Rust-Lang	Rust	1.26.0
Rust-Lang	Rust	1.26.1
Rust-Lang	Rust	1.26.2
Rust-Lang	Rust	1.27.0
Rust-Lang	Rust	1.27.1
Rust-Lang	Rust	1.27.2
Rust-Lang	Rust	1.28.0
Rust-Lang	Rust	1.29.0

References

https://blog.rust-lang.org/2018/09/21/Security-advisory-for-std.htmlVendor Advisory
https://groups.google.com/forum/#%21topic/rustlang-security-announcements/CmSuTm-SaU0
https://security.gentoo.org/glsa/201812-11Third Party Advisory
https://blog.rust-lang.org/2018/09/21/Security-advisory-for-std.htmlVendor Advisory
https://groups.google.com/forum/#%21topic/rustlang-security-announcements/CmSuTm-SaU0
https://security.gentoo.org/glsa/201812-11Third Party Advisory

Timeline

Published: Oct 8, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-1000810?

How severe is CVE-2018-1000810?

Severity scoring for CVE-2018-1000810 is pending analysis. The EPSS model estimates a 2.96% probability of exploitation in the next 30 days.

How do I fix CVE-2018-1000810?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-1000810?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST