9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2021-26956

GHSA ID

GHSA-mp6r-fgw2-rxfx

EPSS Score

0.65141%

CWE

CWE-657

Published

8/25/2021

Updated

6/13/2023

KEV Status

Technology

Rust

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2021-26956

CVE-2021-26956: Arbitrary return types in xcb

The function xcb::xproto::GetPropertyReply::value() returns a slice of type T where T is an unconstrained type parameter. The raw bytes received from the X11 server are interpreted as the requested type. The users of the xcb crate are advised to only call this function with the intended types. These are u8, u16, and u32.

This issue is tracked here: https://github.com/rust-x-bindings/rust-xcb/issues/95

(GitHub Advisory)

9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2021-26956

GHSA ID

GHSA-mp6r-fgw2-rxfx

EPSS Score

0.65141%

CWE

CWE-657

Published

8/25/2021

Updated

6/13/2023

KEV Status

Technology

Rust

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
xcb	rust	< 1.0.0	1.0.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The core vulnerability stems from GetPropertyReply::value()'s unsafe implementation that directly transmutes raw network bytes into unvalidated generic types. Multiple authoritative sources (CVE, GHSA, RustSec advisory, and GitHub issue #95) explicitly identify this function as problematic. The function's lack of type constraints allows violating Rust's safety guarantees by interpreting server-controlled data as arbitrary types, a textbook case of CWE-657 (secure design violation).

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T** *un*tion x**::xproto::**tProp*rtyR*ply::v*lu*() r*turns * sli** o* typ* T w**r* T is *n un*onstr*in** typ* p*r*m*t*r. T** r*w *yt*s r***iv** *rom t** X** s*rv*r *r* int*rpr*t** *s t** r*qu*st** typ*. T** us*rs o* t** x** *r*t* *r* **vis** to only

Reasoning

T** *or* vuln*r**ility st*ms *rom `**tProp*rtyR*ply::v*lu*()`'s uns*** impl*m*nt*tion t**t *ir**tly tr*nsmut*s r*w n*twork *yt*s into unv*li**t** **n*ri* typ*s. Multipl* *ut*orit*tiv* sour**s (*V*, **S*, RustS** **visory, *n* *it*u* issu* #**) *xpli*

9.8

Basic Information

Concerned about an active attack path?

CVE-2021-26956: Arbitrary return types in xcb

9.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI