7 matches found
CVE-2026-33055 affecting package clamav for versions less than 1.5.2-2
CVE-2026-33055 affecting package clamav for versions less than 1.5.2-2. A patched version of the package is available...
CVE-2026-33055 affecting package rpm-ostree for versions less than 2024.4-10
CVE-2026-33055 affecting package rpm-ostree for versions less than 2024.4-10. A patched version of the package is available...
CVE-2026-33055 affecting package rust for versions less than 1.90.0-7
CVE-2026-33055 affecting package rust for versions less than 1.90.0-7. A patched version of the package is available...
Amazon Linux 2023 : cargo-c (ALAS2023-2026-1566)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1566 advisory. tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As par...
Medium: rust-below
Issue Overview: tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size...
Medium: rust-cargo-c
Issue Overview: tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size...
Amazon Linux 2023 : cargo, clippy, rust (ALAS2023-2026-1568)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1568 advisory. A flaw in the gix-date library can generate invalid non-UTF8 strings, leading to undefined behavior when processed. The most likely impact from a successful attack is to data integrity, by the...