CVE-2024-21491: Rust Zip Fold Length Bypass
greprules fetch cve-2024-21491-rust-zip-fold-length-bypass --engine opengrep
Description
A comparison using `zip` and `fold` was detected without a preceding length equality check. `Iterator::zip` stops as soon as the shorter iterator is exhausted, so the fold only sees the elements that both inputs have in common. If an attacker provides a partial input that is shorter than the expected input but matches its prefix, the comparison evaluates to true, causing an authentication or comparison bypass. Expl
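The flagged pattern next to a length-checked version, as an added Rust example (not code from the rule or from any affected project). The function names and byte strings are constructed for illustration.

```rust
/// Pattern the rule flags: zip + fold with no length check.
/// `zip` stops at the shorter slice, so only the common prefix is compared.
fn eq_zip_fold_unchecked(expected: &[u8], supplied: &[u8]) -> bool {
    expected
        .iter()
        .zip(supplied.iter())
        .fold(0u8, |acc, (a, b)| acc | (a ^ b))
        == 0
}

/// Hardened form: reject on length mismatch first, so the fold that
/// follows is guaranteed to cover every byte of both inputs.
fn eq_zip_fold_checked(expected: &[u8], supplied: &[u8]) -> bool {
    if expected.len() != supplied.len() {
        return false;
    }
    expected
        .iter()
        .zip(supplied.iter())
        .fold(0u8, |acc, (a, b)| acc | (a ^ b))
        == 0
}

fn main() {
    // Constructed sample values, not taken from any real system.
    let expected = b"constructed-sample-tag";
    let inputs = [
        "constructed-sample-tag", // exact match
        "constr",                 // matching prefix only
        "",                       // empty: zip yields nothing, fold stays 0
        "constructed-sample-taX", // same length, wrong last byte
    ];
    for supplied in inputs {
        let bytes = supplied.as_bytes();
        println!(
            "{:?}: unchecked={} checked={}",
            supplied,
            eq_zip_fold_unchecked(expected, bytes),
            eq_zip_fold_checked(expected, bytes)
        );
    }
}
```

The empty input is the degenerate case of the same bug: with nothing to zip, the unchecked fold returns its initial accumulator and the comparison passes.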