Rust Security Vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in versions of Rust nanorand crate prior to 0.6.1, which stems from the fact that the same object can have multiple mutable references. No details of the vulnerability are current...
CVE-2021-45720
An issue was discovered in the lru crate before 0.7.1 for Rust. The iterators have a use-after-free, as demonstrated by an access after a pop operation...
RUSTSEC-2021-0123 Converting `NSString` to a String Truncates at Null Bytes
Methods of NSString for conversion to a string may return a partial result. Since they call `CStr::from_ptr` on a pointer to the string buffer, the string is terminated at the first null byte, which might not be the end of the string. In addition to the vulnerable functions listed for this issue, th...
[SECURITY] Fedora 34 Update: rust-1.56.1-1.fc34
Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...
GHSA-QRWC-JXF5-G8X6 Out of bounds read in ordnung
An issue was discovered in the ordnung crate through version 0.0.1 for Rust. compact::Vec violates memory safety via out-of-bounds access for large capacity...
GHSA-WGX2-6432-J3FW Unsoundness in bigint
An issue was discovered in the bigint crate through 2020-05-07 for Rust. It allows a soundness violation...
GHSA-8RC5-MR4F-M243 Use after free in rio
An issue was discovered in the rio crate through 2020-05-11 for Rust. A struct can be leaked, allowing attackers to obtain sensitive information, cause a use-after-free, or cause a data race...
OESA-2021-1323 rust security update
Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. Security Fixes: library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which in some...
CVE-2021-38190
An issue was discovered in the nalgebra crate before 0.27.1 for Rust. It allows out-of-bounds memory access because it does not ensure that the number of elements is equal to the product of the row count and column count...
CVE-2020-36467
An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr::get returns more than one mutable reference to the same object...
Rust Security Vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. Mozilla Rust is vulnerable to a memory leak that could be exploited by attackers to read memory from an uninitialized buffer...
Rust Resource Management Error Vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. Mozilla Rust is vulnerable to a resource management error that could be exploited by an attacker to create a use-after-free access...
Rust Security Vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. Mozilla Rust suffers from a denial-of-service vulnerability that can be exploited by attackers to cause a denial of service...
Rust Cross-Site Scripting Vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A cross-site scripting vulnerability exists in comrak crate in versions of Mozilla Rust prior to 0.10.1, which could be exploited by an attacker to execute the script in a Web browser in the secure context of a...
DEBIAN-CVE-2021-32715
hyper is an HTTP library for Rust. hyper's HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a Content-Length header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doesn't parse such...
Rust Resource Management Error Vulnerability (CNVD-2021-38306)
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A resource management error vulnerability exists in algorithmica crate for Rust version 2021-03-07 and earlier, which stems from a double free in merge_sort::merge. No details of the vulnerability are available a...
Buer Malware Tool Rewritten in E-Z Rust Language
A variant of the Buer malware, which is being distributed in emails disguised as DHL support shipping notices, comes with a fresh code rewrite in the popular Rust language and looks like it may be in the process of prepping for rental to other cybercrooks. Join Threatpost for “Fortifying Your...
A Rust-based Buer Malware Variant Has Been Spotted in the Wild
Cybersecurity researchers on Monday disclosed a new malspam campaign distributing a fresh variant of a malware loader called "Buer" written in Rust, illustrating how adversaries are constantly honing their malware toolsets to evade analysis. Dubbed "RustyBuer," the malware is propagated via email...
ALPINE-CVE-2020-36323
In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed or the program to crash if the borrowed string changes after its length is checked...
CVE-2020-36317
The CVE-2020-36317 issue affects the Rust standard library prior to 1.49.0, where String::retain() can panic and allow creation of a non-UTF-8 Rust string. This may cause a memory-safety violation when other APIs assume UTF-8 on the same string. Several connected advisories confirm Rust 1.49.0 or...