
CVE-2021-26956: Arbitrary return types in xcb

CVSS Score (v3.1): 9.8

Basic Information

EPSS Score: 0.65141%
Published: 8/25/2021
Updated: 6/13/2023
KEV Status: No
Technology: Rust

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package Name    Ecosystem    Vulnerable Versions    First Patched Version
xcb             rust         < 1.0.0                1.0.0

Vulnerability Intelligence

Root Cause Analysis

The core vulnerability stems from the unsafe implementation of GetPropertyReply::value(), which reinterprets the raw bytes of the server's reply as a slice of an unconstrained generic type T without validating them. Multiple authoritative sources (the CVE, the GHSA and RustSec advisories, and GitHub issue #95) identify this function as the problem. Because T carries no trait bound, a caller can name any type, so server-controlled data can be interpreted as values whose bit patterns are invalid for that type (a bool, a reference, an enum); this breaks Rust's safety guarantees from safe code and is a textbook case of CWE-657 (violation of secure design principles).


WAF Protection Rules

WAF Rule

The function xcb::xproto::GetPropertyReply::value() returns a slice of type T where T is an unconstrained type parameter. The raw bytes received from the X11 server are interpreted as the requested type. The users of the xcb crate are advised to only
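To make the root-cause analysis above and the advisory text concrete, here is an added example (not the xcb crate's own code) that puts the pre-1.0 shape of value() next to a hardened form. The stand-in GetPropertyReply struct, the PropertyValue trait, the ValueError type, value_unchecked() and sample_reply() are all assumptions for this illustration; only the X11 facts it relies on (a GetProperty reply carries a format field of 0, 8, 16 or 32 bits per element, and the value is delivered as raw bytes) come from the protocol. The hardened version seals T to u8, u16 and u32, checks that the reply's own format field agrees with T, rejects byte counts that are not a whole number of elements, and copies values out instead of aliasing the buffer, so alignment is never an issue either.

```rust
use std::mem::size_of;

/// Constructed stand-in for the bytes an X11 server returns for a
/// GetProperty request. Real replies carry more fields; only the two that
/// matter for decoding the value are modelled here (assumption).
pub struct GetPropertyReply {
    /// Width of each element in bits: 0 (no property), 8, 16 or 32.
    pub format: u8,
    /// The property value exactly as received from the wire.
    pub data: Vec<u8>,
}

impl GetPropertyReply {
    /// Shape of the pre-1.0 API: T is unconstrained, so the caller alone
    /// decides how wire bytes are interpreted. With T = bool, a reference,
    /// or an enum this is undefined behaviour, and even for u32 the buffer
    /// may be misaligned. Marked unsafe here; do not copy this pattern.
    pub unsafe fn value_unchecked<T>(&self) -> &[T] {
        let n = self.data.len() / size_of::<T>();
        std::slice::from_raw_parts(self.data.as_ptr() as *const T, n)
    }

    /// Hardened form: T is limited to the element widths the protocol can
    /// deliver, the reply's format field must agree with T, the byte count
    /// must be a whole number of elements, and values are copied out rather
    /// than aliased, so no alignment assumption is made about `data`.
    pub fn value<T: PropertyValue>(&self) -> Result<Vec<T>, ValueError> {
        if self.format != T::FORMAT {
            return Err(ValueError::FormatMismatch { reply: self.format, requested: T::FORMAT });
        }
        let elem = size_of::<T>();
        if self.data.len() % elem != 0 {
            return Err(ValueError::TruncatedData { len: self.data.len(), elem });
        }
        Ok(self.data.chunks_exact(elem).map(T::from_ne_bytes).collect())
    }
}

mod sealed {
    pub trait Sealed {}
}

/// Sealed: only u8, u16 and u32 implement it, so `value::<bool>()` is a
/// compile-time error instead of undefined behaviour at run time.
pub trait PropertyValue: sealed::Sealed + Copy {
    const FORMAT: u8;
    fn from_ne_bytes(bytes: &[u8]) -> Self;
}

macro_rules! property_value {
    ($t:ty, $n:literal, $fmt:literal) => {
        impl sealed::Sealed for $t {}
        impl PropertyValue for $t {
            const FORMAT: u8 = $fmt;
            fn from_ne_bytes(bytes: &[u8]) -> Self {
                let mut arr = [0u8; $n];
                arr.copy_from_slice(bytes); // value() hands us exactly $n bytes
                <$t>::from_ne_bytes(arr)
            }
        }
    };
}
property_value!(u8, 1, 8);
property_value!(u16, 2, 16);
property_value!(u32, 4, 32);

#[derive(Debug, PartialEq)]
pub enum ValueError {
    FormatMismatch { reply: u8, requested: u8 },
    TruncatedData { len: usize, elem: usize },
}

/// Constructed sample reply: a 32-bit property holding two elements.
pub fn sample_reply() -> GetPropertyReply {
    let mut data = Vec::new();
    for v in [1u32, 0xdead_beef] {
        data.extend_from_slice(&v.to_ne_bytes());
    }
    GetPropertyReply { format: 32, data }
}

fn main() {
    let reply = sample_reply();
    println!("{:?}", reply.value::<u32>()); // Ok([1, 3735928559])
    println!("{:?}", reply.value::<u16>()); // Err(FormatMismatch { reply: 32, requested: 16 })
    // reply.value::<bool>();  // does not compile: bool is not a PropertyValue
}
```

The format check matters in practice: a property set by another client as 8-bit data but read back as u32 would otherwise be silently regrouped into wrong values, and with the unconstrained API the same mismatch can become a misaligned or out-of-bounds read. Returning `Vec<T>` instead of `&[T]` costs a copy per call, which is negligible next to the X11 round trip that produced the reply.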
