9534 matches found
CVE-2025-11233
CVE-2025-11233 affects Rust when using the tier 3 Cygwin target (x86_64-pc-cygwin) with Rust 1.87.0 up to 1.88.x. The standard library Path API failed to handle backslash-separated components on Cygwin, potentially enabling path traversal or unsafe filesystem operations. Rust 1.89.0 fixes the iss...
CVE-2025-11233 Rust standard library didn't detect all path separators on Cygwin
Starting from Rust 1.87.0 and before Rust 1.89.0, the tier 3 Cygwin target x86_64-pc-cygwin didn't correctly handle path separators, causing the standard library's Path API to ignore path components separated by backslashes. Due to this, programs compiled for Cygwin that validate paths could...
[SECURITY] Fedora 41 Update: python-nh3-0.2.15-7.fc41
Python binding to Ammonia HTML sanitizer Rust crate...
[SECURITY] Fedora 41 Update: rust-ammonia-3.3.1-1.fc41
HTML Sanitization...
[SECURITY] Fedora 42 Update: python-nh3-0.2.21-2.fc42
Python binding to Ammonia HTML sanitizer Rust crate...
[SECURITY] Fedora 42 Update: rust-ammonia-4.0.1-1.fc42
HTML Sanitization...
[SECURITY] Fedora 43 Update: rust-ammonia-4.1.2-1.fc43
HTML Sanitization...
[SECURITY] Fedora 43 Update: python-nh3-0.2.21-8.fc43
Python binding to Ammonia HTML sanitizer Rust crate...
Fedora 42 : python-nh3 / rust-ammonia (2025-7ec84ba6e9)
The remote Fedora 42 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-7ec84ba6e9 advisory. Update the ammonia crate to version 4.0.1 and rebuild python-nh3 to apply fixes for RUSTSEC-2025-0071. Tenable has extracted the preceding description block...
PT-2025-40278
Name of the Vulnerable Software and Affected Versions: Rust versions 1.87.0 through 1.88.9. Description: The standard library’s Path API did not correctly handle path separators on the tier 3 Cygwin target x86_64-pc-cygwin in versions prior to 1.89.0. This caused the API to ignore path components...
Rust Security Vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in Rust version 1.87.0 through versions prior to 1.89.0, which stems from improper handling of path separators and could lead to a path traversal attack or malicious file system...
Amazon Linux 2023 : glycin-loaders (ALAS2023-2025-1193)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1193 advisory. tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence...
Fedora 43 : python-nh3 / rust-ammonia (2025-074aba6ad4)
The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-074aba6ad4 advisory. Update the ammonia crate to version 4.1.2 and rebuild python-nh3 to apply fixes for RUSTSEC-2025-0071. Tenable has extracted the preceding description block...
SandCell: Sandboxing Rust beyond Unsafe Code
Rust is a modern systems programming language that ensures memory safety by enforcing ownership and borrowing rules at compile time. While the unsafe keyword allows programmers to bypass these restrictions, it introduces significant risks. Various approaches for isolating unsafe code to protect...
[SECURITY] Fedora 42 Update: rust-az-snp-vtpm-0.7.4-1.fc42
VTPM based SEV-SNP attestation for Azure Confidential VMs...
[SECURITY] Fedora 42 Update: rust-az-tdx-vtpm-0.7.4-1.fc42
VTPM based TDX attestation for Azure Confidential VMs...
[SECURITY] Fedora 42 Update: rust-az-cvm-vtpm-0.7.4-3.fc42
Package with shared code for Azure Confidential VMs...
Malicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads Confirmed
Cybersecurity researchers have discovered two malicious Rust crates impersonating a legitimate library called fastlog to steal Solana and Ethereum wallet keys from source code. The crates, named fasterlog and asyncprintln, were published by the threat actor under the alias rustguruman and...
Fedora 42 : rust-az-cvm-vtpm / rust-az-snp-vtpm / rust-az-tdx-vtpm / etc (2025-2408b72979)
The remote Fedora 42 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2025-2408b72979 advisory. Rebase trustee-guest-components to v0.13.0. Include rust-az-???-vtpm packages rebase to version 0.7.4. Adjust patches to work with 'sev' version 6...
Malicious Package
Overview: asyncprintln is a malicious package. Two malicious Rust crates, fasterlog (which impersonates the legitimate fastlog library) and asyncprintln, attempt to scan source files for quoted Ethereum private keys (0x + 64 hex), Solana-style Base58 secrets and bracketed byte arrays to later exfiltrate...