CVE-2021-26956: Arbitrary return types in xcb
9.8
CVSS Score
3.1
Basic Information
CVE ID
GHSA ID
EPSS Score
0.65141%
CWE
Published
8/25/2021
Updated
6/13/2023
KEV Status
No
Technology
Rust
Technical Details
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
xcb | rust | < 1.0.0 | 1.0.0 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The core vulnerability stems from GetPropertyReply::value()
's unsafe implementation that directly transmutes raw network bytes into unvalidated generic types. Multiple authoritative sources (CVE, GHSA, RustSec advisory, and GitHub issue #95) explicitly identify this function as problematic. The function's lack of type constraints allows violating Rust's safety guarantees by interpreting server-controlled data as arbitrary types, a textbook case of CWE-657 (secure design violation).