148 matches found
CVE-2025-54867
Youki is a container runtime written in Rust. Prior to version 0.5.5, if /proc and /sys in the rootfs are symbolic links, they can potentially be exploited to gain access to the host root filesystem. This issue has been patched in version 0.5.5...
[SECURITY] Fedora 42 Update: helix-25.01.1-6.fc42
A Kakoune / Neovim inspired editor, written in Rust...
Servo security vulnerability
Servo is a prototype web browser engine written in the Rust language from the Servo open source. A security vulnerability exists in Servo that stems from improper validation of punycode unsafe equivalence, which could lead to hostname obfuscation...
CVE-2025-48756
In groupnumber in the scsir crate 0.2.0 for Rust, there can be an overflow because a hardware device may expect a small number of bits e.g., 5 bits for group number...
Rust security vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation in the United States. A security vulnerability exists in Rust that stems from an attempt to allocate memory for zero-size types...
CVE-2021-28306
An issue was discovered in the fltk crate before 0.15.3 for Rust. There is a NULL pointer dereference during attempted use of a multi label type if the image is nonexistent...
CVE-2021-29930
An issue was discovered in the arenavec crate through 2021-01-12 for Rust. A drop of uninitialized memory can sometimes occur upon a panic in T::default...
CVE-2020-36209
An issue was discovered in the late-static crate before 0.4.0 for Rust. Because Sync is implemented for LateStatic with T: Send, a data race can occur...
CVE-2020-35916
An issue was discovered in the image crate before 0.23.12 for Rust. A mutable reference has immutable provenance. In the case of LLVM, the IR may be always correct...
C2RUST-BENCH: a Minimized, Representative Dataset for C-To-Rust Transpilation Evaluation
Despite the effort in vulnerability detection over the last two decades, memory safety vulnerabilities continue to be a critical problem. Recent reports suggest that the key solution is to migrate to memory-safe languages. To this end, C-to-Rust transpilation becomes popular to resolve...
Russh security vulnerability
Russh is a Rust SSH client and server-side library from the individual developers at Eugene. A security vulnerability exists in Russh that stems from allocating an untrusted amount of memory...
GHSA-XMRP-424F-VFPX SQLx Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord: SQL Injection isn't Dead: Smuggling Queries at the Protocol Level Archive link for posterity. Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,...
OESA-2024-1811 rust security update
Rust is a systems programming language focused on three goals: safety, speed, and concurrency. It maintains these goals without having a garbage collector, making it a useful language for a number of use cases other languages are not good at: embedding in other languages, programs with specific spac...
Tor Arti security vulnerability
Tor Arti is a project of the Tor team to generate embeddable, production-quality implementations of the Tor anonymization protocol in the Rust programming language. A security vulnerability exists in Tor Arti versions prior to 1.2.3, which stems from a message length error...
Critical Rust Flaw Renders Windows Systems Vulnerable
...
Exploit for CVE-2024-24576
CVE-2024-24576 PoC The Command::arg and Command::ar...
The vulnerability of the h2 library in the Rust programming language in the Tokio environment, related to unlimited resource distribution, allows attackers to cause service failures.
The vulnerability of the h2 library in the Rust programming language in the Tokio environment is related to unlimited resource distribution. Exploiting this vulnerability can allow a remote attacker to cause service failures...
PT-2024-2636 · Unknown · H2 Library
Name of the Vulnerable Software and Affected Versions: h2 library affected versions not specified Description: The issue is related to unbounded resource allocation in the h2 library of the Rust programming language in a Tokio environment. Exploitation of this issue could allow a remote attacker ...
OESA-2024-1204 rust security update
Rust is a systems programming language focused on three goals: safety, speed, and concurrency. It maintains these goals without having a garbage collector, making it a useful language for a number of use cases other languages are not good at: embedding in other languages, programs with specific spac...
GHSA-Q669-2VFG-CXCG Nervos CKB Unaligned Pointer Dereference
via [email protected] There are multiple type conversions in ckb that unsafely cast between byte pointers and other types of pointers. This results in unaligned pointers, which are not allowed by the Rust language, and are considered undefined behavior, meaning that the compiler is free to do...