339 matches found
CVE-2023-53161
CVE-2023-53161 affects the Rust buffered-reader crate prior to version 1.1.5. The root cause described in the connected sources is an out-of-bounds array access that can cause a panic. The vulnerability is limited to the library level (buffered-reader) and is described as allowing an out-of-bound...
CVE-2022-50237
The ed25519-dalek crate before 2 for Rust allows a double public key signing function oracle attack. The Keypair implementation leads to a simple computation for extracting a private key...
CVE-2023-53159
The CVE-2023-53159 issue affects the rust-openssl crate prior to 0.10.55. It describes an out-of-bounds read caused by an empty string being passed to X509VerifyParamRef::set_host. The entry's CVSS data indicates a high-severity impact (CRITICAL) with network attack vector and high confidentialit...
CVE-2023-53158
The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone 'ssh://-oProxyCommand=open$IFS" substring. NOTE: this was discovered before CVE-2024-32884, a similar vulnerability involving a username field that is more difficult to exploit...
CVE-2023-53159
The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::sethost...
CVE-2022-50237
The ed25519-dalek crate before 2 for Rust allows a double public key signing function oracle attack. The Keypair implementation leads to a simple computation for extracting a private key...
CVE-2024-58265
The snow crate before 0.9.5 for Rust, when stateful TransportState is used, allows incrementing a nonce and thereby denying message delivery...
CVE-2024-58264
The serde-json-wasm crate before 1.0.1 for Rust allows stack consumption via deeply nested JSON data...
CVE-2024-58264
The serde-json-wasm crate before 1.0.1 for Rust allows stack consumption via deeply nested JSON data...
CVE-2024-58265
The snow crate before 0.9.5 for Rust, when stateful TransportState is used, allows incrementing a nonce and thereby denying message delivery...
CVE-2024-58263
CVE-2024-58263 concerns the cosmwasm-std crate prior to version 2.0.2 for Rust, which allows integer overflows that can lead to incorrect contract calculations. The vulnerability stems from wrapping arithmetic used in core operations, potentially causing miscalculations in smart contracts that re...
CVE-2024-58264
The serde-json-wasm crate before 1.0.1 for Rust allows stack consumption via deeply nested JSON data...
CVE-2024-58266
The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the and \xa0 characters, which may facilitate command injection...
CVE-2023-53157
The rosenpass crate before 0.2.1 for Rust allows remote attackers to cause a denial of service panic via a one-byte UDP packet...
CVE-2024-58265
CVE-2024-58265 affects the Rust snow crate prior to 0.9.5 when using stateful TransportState. The vulnerability allows an attacker to increment a nonce, resulting in denial of message delivery. The provided documents confirm the vulnerable component (snow crate) and the specific condition (statef...
CVE-2023-53157
The rosenpass crate before 0.2.1 for Rust allows remote attackers to cause a denial of service panic via a one-byte UDP packet...
CVE-2024-58266
The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the and \xa0 characters, which may facilitate command injection...
CVE-2023-53156
The transpose crate before 0.2.3 for Rust allows an integer overflow via inputwidth and inputheight arguments...
NewStart CGSL MAIN 7.02 : rust Vulnerability (NS-SA-2025-0146)
The remote NewStart CGSL host, running version MAIN 7.02, has rust packages installed that are affected by a vulnerability: - Cargo downloads the Rust project's dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the uma...
CBL Mariner 2.0 Security Update: azl-compliance / rust (CVE-2025-4574)
The version of azl-compliance / rust installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-4574 advisory. - In crossbeam-channel rust crate, the internal Channel type's Drop method has a race condition...