
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2021-28878 affects the standard library in Rust versions before 1.52.0. The Zip implementation incorrectly calls __iterator_get_unchecked() more than once for the same index under specific conditions when next_back() and next() are used together (NVD, Rust Issue).
The vulnerability stems from a violated safety requirement of the TrustedRandomAccess trait. The issue occurs when the Zip implementation calls __iterator_get_unchecked() more than once with the same index while next_back() and next() are used together on the same iterator. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (High), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (NVD).
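The property at stake can be written as a regression-style check: when next() and next_back() are mixed on a Zip, no element of either underlying iterator may be fetched twice. This is an added example, not code from the Rust project or the linked issue, and it is not the issue's reproducer; drain_alternating and fetched_twice are hypothetical helper names, and the input slices are constructed with distinct values so a repeated fetch is detectable.

```rust
use std::cell::RefCell;

/// Zips two slices through side-effecting `map` adapters, alternates
/// `next()` and `next_back()`, and returns the yielded pairs together with
/// every element each closure was asked to produce (hypothetical helper).
fn drain_alternating(a: &[usize], b: &[usize]) -> (Vec<(usize, usize)>, Vec<usize>, Vec<usize>) {
    let seen_a = RefCell::new(Vec::new());
    let seen_b = RefCell::new(Vec::new());
    let mut pairs = Vec::new();
    {
        // The closures record each element they are called on.
        let ia = a.iter().map(|&x| { seen_a.borrow_mut().push(x); x });
        let ib = b.iter().map(|&x| { seen_b.borrow_mut().push(x); x });
        let mut zipped = ia.zip(ib);
        let mut front = true;
        loop {
            // Mix front and back access, the pattern named in the advisory.
            let item = if front { zipped.next() } else { zipped.next_back() };
            match item {
                Some(p) => pairs.push(p),
                None => break,
            }
            front = !front;
        }
    }
    (pairs, seen_a.into_inner(), seen_b.into_inner())
}

/// True if any value occurs more than once, i.e. an element was fetched twice.
/// Assumes the input slices held distinct values.
fn fetched_twice(seen: &[usize]) -> bool {
    let mut sorted = seen.to_vec();
    sorted.sort_unstable();
    sorted.windows(2).any(|w| w[0] == w[1])
}

fn main() {
    // Constructed sample input: unequal lengths, distinct values.
    let (pairs, seen_a, seen_b) = drain_alternating(&[0, 1, 2, 3, 4], &[0, 1, 2]);
    println!("pairs={:?} seen_a={:?} seen_b={:?}", pairs, seen_a, seen_b);
    assert!(!fetched_twice(&seen_a) && !fetched_twice(&seen_b));
}
```

The check asserts only the invariant and the yielded pairs, not how many times the closures run, since side effects for trimmed elements are an implementation detail of Zip.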
The vulnerability can lead to memory safety violations when exploited, potentially compromising the security guarantees that Rust typically provides. Since Rust is statically linked, affected applications need to be rebuilt to benefit from the fixes, with actual security implications varying depending on how the affected APIs are used in each specific case (Fedora Advisory).
The vulnerability was fixed in Rust version 1.52.0. Users are advised to upgrade to this version or later. For systems using package managers, specific update commands are available. For example, Fedora users can use 'dnf upgrade' with the appropriate advisory, and Gentoo users should upgrade to rust-1.63.0-r1 or later (Gentoo Advisory, Fedora Advisory).
Source: This report was generated using AI