9529 matches found
buffered-reader crate 缓冲区错误漏洞
buffered-reader crate is an input stream reading library for Rust by sequoia individual developers. A buffer error vulnerability exists in buffered-reader crate versions prior to 1.1.5, which stems from out-of-bounds array accesses that may cause a crash...
CVE-2023-53161
The buffered-reader crate before 1.1.5 for Rust allows out-of-bounds array access and a panic...
CVE-2022-50237
The CVE-2022-50237 entry concerns the ed25519-dalek Rust crate prior to version 2. The Keypair implementation enables a double public key signing function oracle attack, enabling an attacker to compute/extract a private key from signatures. Reported impact includes confidentiality loss; CVSSv3.1 ...
CVE-2023-53160
The CVE-2023-53160 vulnerability affects the sequoia-openpgp crate for Rust prior to 1.16.0, where an out-of-bounds array access can cause a panic. This is referenced in multiple advisories (e.g., RustSec advisory RUSTSEC-2023-0038) and Fedora/NASL entries. Affected versions: sequoia-openpgp befo...
CVE-2023-53161
CVE-2023-53161 affects the Rust buffered-reader crate prior to version 1.1.5. The root cause described in the connected sources is an out-of-bounds array access that can cause a panic. The vulnerability is limited to the library level (buffered-reader) and is described as allowing an out-of-bound...
CVE-2023-53160
The sequoia-openpgp crate before 1.16.0 for Rust allows out-of-bounds array access and a panic...
CVE-2023-53161
The buffered-reader crate before 1.1.5 for Rust allows out-of-bounds array access and a panic...
CVE-2023-53159
The CVE-2023-53159 issue affects the rust-openssl crate prior to 0.10.55. It describes an out-of-bounds read caused by an empty string being passed to X509VerifyParamRef::set_host. The entry's CVSS data indicates a high-severity impact (CRITICAL) with network attack vector and high confidentialit...
CVE-2022-50237
The ed25519-dalek crate before 2 for Rust allows a double public key signing function oracle attack. The Keypair implementation leads to a simple computation for extracting a private key...
CVE-2023-53159
The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::sethost...
CVE-2023-53160
The sequoia-openpgp crate before 1.16.0 for Rust allows out-of-bounds array access and a panic...
CVE-2023-53158
CVE-2023-53158 affects the Rust crate gix-transport (before 0.36.1). The issue enables command execution via the substring gix clone 'ssh://-oProxyCommand=open$IFS', i.e., an SSH command injection. Impact details in sources indicate local attack vector with low confidentiality/integrity impact an...
CVE-2023-53158
The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone 'ssh://-oProxyCommand=open$IFS" substring. NOTE: this was discovered before CVE-2024-32884, a similar vulnerability involving a username field that is more difficult to exploit...
CVE-2023-53159
The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::sethost...
rust-openssl 安全漏洞
rust-openssl is a library from Rust for interacting with the OpenSSL library. A security vulnerability exists in rust-openssl versions prior to 0.10.55, which stems from an out-of-bounds read of X509VerifyParamRef::sethost...
CVE-2022-50237
The ed25519-dalek crate before 2 for Rust allows a double public key signing function oracle attack. The Keypair implementation leads to a simple computation for extracting a private key...
CVE-2023-53159
The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::sethost...
CVE-2023-53160
The sequoia-openpgp crate before 1.16.0 for Rust allows out-of-bounds array access and a panic...
CVE-2023-53161
The buffered-reader crate before 1.1.5 for Rust allows out-of-bounds array access and a panic...
CVE-2022-50237
The ed25519-dalek crate before 2 for Rust allows a double public key signing function oracle attack. The Keypair implementation leads to a simple computation for extracting a private key...