CVE-2019-25010

An issue was discovered in the failure crate through 2019-11-13 for Rust. Type confusion can occur when privategettypeid is overridden...

Alibaba Cloud Linux 3 : 0116: rust-toolset:rhel8 (ALINUX3-SA-2022:0116)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0116 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-12083: The Rust Programming...

CVE-2025-46718

sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with limited sudo privileges e.g. execution of a single command can list sudo privileges of other users using the -U flag. This vulnerability allows users with limited sudo privileges to enumerat...

CVE-2024-58253

In the obfstr crate before 0.4.4 for Rust, the obfstr! argument type is not restricted to string slices, leading to invalid UTF-8 conversion that produces an invalid value...

CVE-2024-58253

In the obfstr crate before 0.4.4 for Rust, the obfstr! argument type is not restricted to string slices, leading to invalid UTF-8 conversion that produces an invalid value...

CVE-2024-58253

In the obfstr crate before 0.4.4 for Rust, the obfstr! argument type is not restricted to string slices, leading to invalid UTF-8 conversion that produces an invalid value...

[SECURITY] Fedora 40 Update: python-pydantic-core-2.20.1-3.fc40

The pydantic-core project provides the core validation logic for pydantic written in Rust...

CVE-2025-32033 Apollo Router Operation Limits Vulnerable to Bypass via Integer Overflow

The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Prior to 1.61.2 and 2.1.1, the operation limits plugin uses unsigned 32-bit integers to track limit counters e.g. for a query's height. If a counter...

rust bug fix and enhancement update

An update is available for rust. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Rust is a systems programming language that runs blazingly fast, prevents...

CVE-2025-29787

zip is a zip library for rust which supports reading and writing of simple ZIP files. In the archive extraction routine of affected versions of the zip crate starting with version 1.3.0 and prior to version 2.3.0, symbolic links earlier in the archive are allowed to be used for later files in the...

Linux Distros Unpatched Vulnerability : CVE-2022-36113

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cargo is a package manager for the rust programming language. After a package is downloaded, Cargo extracts its source code in the /.cargo folder on disk, makin...

CVE-2025-24898

rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions ssl::selectnextproto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the sever buffer's lifetime is shorter than th...

RUSTSEC-2025-0002 Segmentation fault due to lack of bound check

In this case, the "fastfloat2::common::AsciiStr::first" method within the "AsciiStr" struct uses the unsafe keyword to reading from memory without performing bounds checking. Specifically, it directly dereferences a pointer offset by "self.ptr". Because of the above reason, the method accesses...

PT-2025-35324

Name of the Vulnerable Software and Affected Versions tracing-subscriber versions prior to 0.3.20 Description tracing-subscriber was susceptible to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into terminal output when logged,...

[SECURITY] Fedora 41 Update: rust-rustls-0.23.19-1.fc41

Rustls is a modern TLS library written in Rust...

[SECURITY] Fedora 40 Update: rust-rustls-0.23.19-1.fc40

Rustls is a modern TLS library written in Rust...

New Stealer Uses Invalid Cert To Compromise Systems

New Stealer Uses Invalid Cert To Compromise Systems By Mohinder Gill, Mallikarjun Wali and Sangram Mohapatro · November 07, 2024 A new Stealer has been making the rounds. Its name: Fickle. Fickle Stealer is a new Rust-based information stealer that spreads through various attack vectors, includin...

Google's Shift to Rust Programming Cuts Android Memory Vulnerabilities by 68%

Google has revealed that its transition to memory-safe languages such as Rust as part of its secure-by-design approach has led to the percentage of memory-safe vulnerabilities discovered in Android dropping from 76% to 24% over a period of six years. The tech giant said focusing on Safe Coding fo...

CVE-2024-43402 Rust OS Command Injection/Argument Injection vulnerability

Rust is a programming language. The fix for CVE-2024-24576, where std::process::Command incorrectly escaped arguments when invoking batch files on Windows, was incomplete. Prior to Rust version 1.81.0, it was possible to bypass the fix when the batch file name had trailing whitespace or periods...

ROS-20240805-02

A vulnerability in the implementation of the application program interface of the Rust programming language interpreter for Windows operating systems is related to the introduction or modification of arguments. Windows operating systems is related to the introduction or modification of arguments...