VYPR
Critical severity · NVD Advisory · Published Dec 31, 2020 · Updated Aug 4, 2024

CVE-2020-35887

Description

An issue was discovered in the arr crate through 2020-08-25 for Rust. There is a buffer overflow in Index and IndexMut.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

The arr crate for Rust has a buffer overflow because Index and IndexMut do not validate array bounds.

Vulnerability

Overview

The arr crate for Rust contains a buffer overflow in its Index and IndexMut trait implementations [1]; the GitHub Security Advisory lists every published version up to and including 0.6.1 as affected. These implementations do not check the index parameter against the array length before dereferencing, so an out-of-range index reads or writes memory beyond the allocated array [1]. Because a caller written entirely in safe Rust reaches the unchecked access through ordinary `array[i]` syntax, the crate breaks the guarantee that code without `unsafe` cannot corrupt memory [1].

Exploitation

Triggering the overflow requires nothing more than indexing an Array instance with an out-of-bounds value, for example reading `array[len]` or writing `array[len] = x` [1]. No special privileges or network position are needed; the vulnerable code runs during ordinary array access in any program that uses the crate, and in practice the bug becomes exploitable wherever an index derived from untrusted input (a length field, an offset, a user-supplied position) reaches one of these operators [1]. The RustSec advisory notes that no patched version exists, so every application depending on arr is affected [3].
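The following is an added illustration of the bug class described above and of the fix it needs; it is not the arr crate's code, and the `Array`, `UnsoundArray`, `new`, `get` and `sound_index_rejects` names are hypothetical stand-ins. The unsound impl forwards the index straight to `get_unchecked`, which is the shape of defect the advisory describes; the sound impl checks the index against the length first, so an out-of-range access panics instead of touching memory past the buffer.

```rust
use std::ops::{Index, IndexMut};

/// Hypothetical stand-in for the arr crate's Array type (not the crate's code):
/// a fixed-length heap buffer indexed by usize.
pub struct Array<T> {
    data: Box<[T]>,
}

impl<T: Clone> Array<T> {
    pub fn new(len: usize, fill: T) -> Self {
        Array { data: vec![fill; len].into_boxed_slice() }
    }

    pub fn len(&self) -> usize {
        self.data.len()
    }

    /// Non-panicking access for callers that may hold an untrusted index.
    pub fn get(&self, i: usize) -> Option<&T> {
        self.data.get(i)
    }
}

/// Sound Index/IndexMut: the index is checked against the length first.
/// Delegating to slice indexing would do this anyway; the explicit assert
/// makes the check visible where a reviewer looks for it.
impl<T> Index<usize> for Array<T> {
    type Output = T;
    fn index(&self, i: usize) -> &T {
        assert!(i < self.data.len(), "index {} out of bounds (len {})", i, self.data.len());
        &self.data[i]
    }
}

impl<T> IndexMut<usize> for Array<T> {
    fn index_mut(&mut self, i: usize) -> &mut T {
        assert!(i < self.data.len(), "index {} out of bounds (len {})", i, self.data.len());
        &mut self.data[i]
    }
}

/// The unsound pattern the advisory describes, reconstructed for illustration
/// (hypothetical, not the crate's code): the index goes straight to
/// get_unchecked, so `u[len]` from safe code is an out-of-bounds read and
/// `u[len] = x` an out-of-bounds write. Nothing below exercises that path; it
/// exists only so the two impls can be compared side by side.
pub struct UnsoundArray<T>(Array<T>);

impl<T: Clone> UnsoundArray<T> {
    pub fn new(len: usize, fill: T) -> Self {
        UnsoundArray(Array::new(len, fill))
    }
}

impl<T> Index<usize> for UnsoundArray<T> {
    type Output = T;
    fn index(&self, i: usize) -> &T {
        // Missing: assert!(i < self.0.data.len());
        unsafe { self.0.data.get_unchecked(i) }
    }
}

impl<T> IndexMut<usize> for UnsoundArray<T> {
    fn index_mut(&mut self, i: usize) -> &mut T {
        // Missing: assert!(i < self.0.data.len());
        unsafe { self.0.data.get_unchecked_mut(i) }
    }
}

/// Returns true when indexing a sound Array of `len` elements at `i` is
/// rejected by a panic rather than silently reading past the buffer.
pub fn sound_index_rejects(len: usize, i: usize) -> bool {
    let a = Array::new(len, 0u8);
    std::panic::catch_unwind(|| a[i]).is_err()
}

fn main() {
    let mut a = Array::new(4, 0u32);
    a[3] = 42;
    println!("a[3] = {}, a.get(4) = {:?}", a[3], a.get(4));
    println!("out-of-bounds index rejected: {}", sound_index_rejects(4, 4));
    // `UnsoundArray::new(4, 0u32)[4]` compiles without warnings and is
    // undefined behaviour; it is deliberately not executed here.
}
```

The point of `get` returning `Option` is that code handling an attacker-influenced index should not rely on a panic as its only defence; a checked accessor lets the caller reject bad input explicitly, while the panicking operator remains the safety net for programmer error.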

Impact

An out-of-bounds read can disclose adjacent heap or stack contents, and an out-of-bounds write corrupts neighbouring memory, which in the worst case gives an attacker arbitrary code execution [1][3]. The practical impact depends on what an attacker can make the program index and on what lies next to the buffer: a fixed, program-controlled index is a latent bug, while an attacker-controlled one is a memory-corruption primitive. The same advisory lists related soundness issues in the crate, incorrect Sync/Send bounds (CVE-2020-35886) and dropping of uninitialized memory (CVE-2020-35888), which together raise the risk of using it at all [3].

Mitigation

No patched version of the arr crate has been released, and the repository appears to have been archived [3][4]; the RustSec advisory therefore lists the issue as unpatched [3]. Remove the dependency and replace it with a bounds-checked alternative such as a plain slice, `Vec<T>`, or a fixed-size `[T; N]` array. Running `cargo audit`, which consults the RustSec database, against a Cargo.lock that contains arr reports the advisory and is the quickest way to confirm whether a project is affected, including through transitive dependencies.

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: arr (crates.io)
Affected versions: <= 0.6.1
Patched versions: none

Affected products: 1

Patches: 0 (no patches discovered yet)


References: 4
