[SECURITY] Fedora 42 Update: rust-time-macros-0.2.27-1.fc42

Procedural macros for the time crate...

[SECURITY] Fedora 43 Update: rust-time-macros-0.2.27-1.fc43

Procedural macros for the time crate...

EUVD-2022-6662

Malicious code in bioql PyPI...

OESA-2024-1811 rust security update

Rust is a systems programming language focused on three goals:safety, speed,and concurrency.It maintains these goals without having a garbage collector, making it a useful language for a number of use cases other languages are not good at: embedding in other languages, programs with specific spac...

Medium: rust

Issue Overview: Cargo downloads a Rust project's dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by cargo build --timings. A malicious package included as a dependency may inject...

GHSA-WRRJ-H57R-VX9P Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports

The Rust Security Response WG was notified that Cargo did not escape Cargo feature names when including them in the report generated by cargo build --timings. A malicious package included as a dependency may inject nearly arbitrary HTML here, potentially leading to XSS if the report is subsequent...

Medium: rust

Issue Overview: Cargo is a package manager for the rust programming language. After a package is downloaded, Cargo extracts its source code in the /.cargo folder on disk, making it available to the Rust projects it builds. To reco rd when an extraction is successful, Cargo writes "ok" to the...

Amazon Linux 2 : rust (ALAS-2023-1959)

The version of rust installed on the remote host is prior to 1.66.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1959 advisory. Cargo is a package manager for the rust programming language. After a package is downloaded, Cargo extracts its source code ...

SUSE CVE-2022-36114

Cargo is a package manager for the rust programming language. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. An attacker could upload to an alternate registry a specially crafted package that extracts way more data than its size also known as a...

CVE-2022-36114

Cargo is a package manager for the rust programming language. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. An attacker could upload to an alternate registry a specially crafted package that extracts way more data than its size also known as a...

DEBIAN-CVE-2022-36114

Cargo is a package manager for the rust programming language. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. An attacker could upload to an alternate registry a specially crafted package that extracts way more data than its size also known as a...

DEBIAN-CVE-2022-36113

Cargo is a package manager for the rust programming language. After a package is downloaded, Cargo extracts its source code in the /.cargo folder on disk, making it available to the Rust projects it builds. To record when an extraction is successful, Cargo writes "ok" to the .cargo-ok file at the...

Design/Logic Flaw

Cargo is a package manager for the rust programming language. After a package is downloaded, Cargo extracts its source code in the /.cargo folder on disk, making it available to the Rust projects it builds. To record when an extraction is successful, Cargo writes "ok" to the .cargo-ok file at the...

UBUNTU-CVE-2022-36114

Cargo is a package manager for the rust programming language. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. An attacker could upload to an alternate registry a specially crafted package that extracts way more data than its size also known as a...

CVE-2022-36114

Cargo is a package manager for the rust programming language. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. An attacker could upload to an alternate registry a specially crafted package that extracts way more data than its size also known as a...

CVE-2022-36113

Cargo is a package manager for the rust programming language. After a package is downloaded, Cargo extracts its source code in the /.cargo folder on disk, making it available to the Rust projects it builds. To record when an extraction is successful, Cargo writes "ok" to the .cargo-ok file at the...

CVE-2022-36114 Extracting malicious crates can fill the file system

Cargo is a package manager for the rust programming language. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. An attacker could upload to an alternate registry a specially crafted package that extracts way more data than its size also known as a...

CVE-2022-36113

Cargo vulnerability (CVE-2022-36113): Cargo would extract packages into ~/.cargo and mark success with a .cargo-ok file. A malicious package could include a .cargo-ok symlink; when Cargo wrote ok, it would overwrite the first two bytes of the symlink target, enabling corruption of a single file o...

CVE-2022-36114

Cargo is a package manager for the rust programming language. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. An attacker could upload to an alternate registry a specially crafted package that extracts way more data than its size also known as a...

CVE-2022-36114

CVE-2022-36114 concerns Cargo, Rust’s package manager. The advisory states Cargo does not limit data extracted from compressed archives, enabling a zip-bomb attack when a malicious package is uploaded to an alternate registry. This could exhaust disk space on a machine downloading the package. Th...