139 matches found

CBLMariner
added 2024/06/21 9:32 a.m., 21 views

CVE-2022-35256 affecting package rust for versions less than 1.75.0-1

CVE-2022-35256 affecting package rust for versions less than 1.75.0-1. A patched version of the package is available...

CVSS 6.5, AI score 6.8, EPSS 0.03694
Exploits: 1

CBLMariner
added 2024/06/21 9:32 a.m., 18 views

CVE-2022-0632 affecting package rust for versions less than 1.75.0-1

CVE-2022-0632 affecting package rust for versions less than 1.75.0-1. A patched version of the package is available...

CVSS 5.5, AI score 7, EPSS 0.00286
Exploits: 1

Tenable Nessus
added 2024/04/29 12:0 a.m., 27 views

Fedora 37 : rust (2023-19bcafe341)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-19bcafe341 advisory. Security fix for CVE-2022-46176: Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. For more details, see the...

CVSS 5.9, AI score 5.8, EPSS 0.00149
Exploits: 0, References: 2

OSV
added 2024/04/26 6:15 p.m., 3 views

AZL-40264 CVE-2024-32884 affecting package rust for versions less than 1.72.0-8

gitoxide is a pure Rust implementation of Git. gix-transport does not check the username part of a URL for text that the external ssh program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clo...

CVSS 6.4, AI score 7.1, EPSS 0.00087
Exploits: 0, References: 1

OSV
added 2024/04/05 3:15 p.m., 1 views

AZL-39842 CVE-2024-31852 affecting package rust for versions less than 1.72.0-8

LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we...

CVSS 5.9, AI score 6, EPSS 0.00214
Exploits: 0, References: 1

OSV
added 2024/04/04 3:15 p.m., 1 views

AZL-39520 CVE-2024-28182 affecting package rust for versions less than 1.68.0-1

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK...

CVSS 5.3, AI score 6.9, EPSS 0.24971
Exploits: 1, References: 1

OSV
added 2024/04/04 3:15 p.m., 0 views

AZL-38719 CVE-2024-28182 affecting package rust for versions less than 1.75.0-1

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK...

CVSS 5.3, AI score 6.7, EPSS 0.24971
Exploits: 1, References: 1

CBLMariner
added 2024/03/19 5:21 p.m., 5 views

CVE-2023-45853 affecting package rust for versions less than 1.75.0-1

CVE-2023-45853 affecting package rust for versions less than 1.75.0-1. A patched version of the package is available...

CVSS 9.8, AI score 7.2, EPSS 0.01396
Exploits: 0

OSV
added 2023/12/18 4:15 p.m., 3 views

AZL-61246 CVE-2023-48795 affecting package rust for versions less than 1.90.0-1

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...

CVSS 5.9, AI score 6.7, EPSS 0.52998
Exploits: 4, References: 1

OSV
added 2023/10/14 2:15 a.m., 4 views

AZL-61279 CVE-2023-45853 affecting package rust for versions less than 1.85.0-1

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an...

CVSS 9.8, AI score 7.1, EPSS 0.01396
Exploits: 0, References: 1

CBLMariner
added 2023/10/11 1:41 a.m., 16 views

CVE-2023-32001 affecting package rust for versions less than 1.72.0-2

CVE-2023-32001 affecting package rust for versions less than 1.72.0-2. An upgraded version of the package is available that resolves this issue...

AI score 6.2
Exploits: 0

CBLMariner
added 2023/10/11 1:41 a.m., 14 views

CVE-2023-40030 affecting package rust for versions less than 1.72.0-2

CVE-2023-40030 affecting package rust for versions less than 1.72.0-2. An upgraded version of the package is available that resolves this issue...

CVSS 6.1, AI score 6.6, EPSS 0.00193
Exploits: 0

CBLMariner
added 2023/10/11 1:41 a.m., 20 views

CVE-2023-29932 affecting package rust for versions less than 1.72.0-2

CVE-2023-29932 affecting package rust for versions less than 1.72.0-2. An upgraded version of the package is available that resolves this issue...

CVSS 5.5, AI score 5.5, EPSS 0.00024
Exploits: 0

CBLMariner
added 2023/10/11 1:41 a.m., 18 views

CVE-2023-23916 affecting package rust for versions less than 1.72.0-2

CVE-2023-23916 affecting package rust for versions less than 1.72.0-2. An upgraded version of the package is available that resolves this issue...

CVSS 6.5, AI score 8.1, EPSS 0.00066
Exploits: 1

CBLMariner
added 2023/10/11 1:41 a.m., 17 views

CVE-2023-27534 affecting package rust for versions less than 1.72.0-2

CVE-2023-27534 affecting package rust for versions less than 1.72.0-2. An upgraded version of the package is available that resolves this issue...

CVSS 8.8, AI score 9.1, EPSS 0.00055
Exploits: 1

CBLMariner
added 2023/10/11 1:41 a.m., 16 views

CVE-2023-28319 affecting package rust for versions less than 1.72.0-2

CVE-2023-28319 affecting package rust for versions less than 1.72.0-2. An upgraded version of the package is available that resolves this issue...

CVSS 7.5, AI score 7.7, EPSS 0.0032
Exploits: 1

CBLMariner
added 2023/10/11 1:41 a.m., 31 views

CVE-2023-28321 affecting package rust for versions less than 1.72.0-2

CVE-2023-28321 affecting package rust for versions less than 1.72.0-2. An upgraded version of the package is available that resolves this issue...

CVSS 5.9, AI score 6.8, EPSS 0.00297
Exploits: 1

CBLMariner
added 2023/09/13 2:10 a.m., 167 views

CVE-2023-3817 affecting package rust for versions less than 1.68.2-5

CVE-2023-3817 affecting package rust for versions less than 1.68.2-5. A patched version of the package is available...

CVSS 5.3, AI score 6.3, EPSS 0.00351
Exploits: 0

Photon
added 2023/08/07 12:0 a.m., 26 views

Moderate Photon OS Security Update - PHSA-2023-5.0-0067

Updates of 'rust' packages of Photon OS have been released...

CVSS 5.9, AI score 7.3, EPSS 0.00149
Exploits: 0

Ubuntu
added 2023/08/03 2:30 p.m., 51 views

USN-6275-1: Cargo vulnerability

Addison Crump discovered that Cargo incorrectly set file permissions on UNIX-like systems when extracting crate archives. If the crate would contain files writable by any user, a local attacker could possibly use this issue to execute code as another user...

CVSS 7.9, AI score 7.2, EPSS 0.05657
Exploits: 0