CVE-2024-21629

Rust EVM is an Ethereum Virtual Machine interpreter. In rust-evm, a feature called recordexternaloperation was introduced, allowing library users to record custom gas changes. This feature can have some bogus interactions with the call stack. In particular, during finalization of a CREATE or...

CVE-2024-41949

biscuit-rust is the Rust implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the...

Security update for s390-tools

This update for s390-tools fixes the following issues: Revendored vendor.tar.zst CVE-2025-3416: Fixed use-after-free in Md::fetch and Cipher::fetch in rust-openssl crate bsc1242622 Added the new IBM z17 9175 processor type The package is built with the new 4096bit RSA secure boot signing key. Pat...

SUSE-SU-2025:20352-1 Security update for s390-tools

This update for s390-tools fixes the following issues: - CVE-2025-3416: s390-tools: openssl: Fixed Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate bsc1242622 - Amended the .spec file - Updated the 'service' file - Removed the obsolete file 'cargoconfig' - Updated 'cputype' and...

CVE-2024-44073

The Miniscript aka rust-miniscript library before 12.2.0 for Rust allows stack consumption because it does not properly track tree depth...

CVE-2023-30624

Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6.0.2, 7.0.1, and 8.0.1, Wasmtime's implementation of managing per-instance state, such as tables and memories, contains LLVM-level undefined behavior. This undefined behavior was found to cause runtime-level issues when compiled...

[SECURITY] Fedora 41 Update: python-watchfiles-1.0.3-4.fc41

Simple, modern and high performance file watching and code reload in python. Underlying file system notifications are handled by the Notify rust library...

CVE-2023-34411

The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service panic via an invalid ! token such as !DOCTYPEs/%!A nesting in an XML document. The earliest affected version is 0.8.9...

[SECURITY] Fedora 42 Update: python-watchfiles-1.0.4-5.fc42

Simple, modern and high performance file watching and code reload in python. Underlying file system notifications are handled by the Notify rust library...

CVE-2022-36125

It is possible to crash panic an application by providing a corrupted data to be read. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 previously known as avro-rs. Users should update to apache-avro version 0.14.0 which addresses this issue...

CVE-2022-36124

It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 previously known as avro-rs. Users should update to apache-avro version 0.14.0 which addresses...

CVE-2021-25903

An issue was discovered in the cache crate through 2021-01-01 for Rust. A raw pointer is dereferenced...

CVE-2021-30455

An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in IdMap::clonefrom upon a .clone panic...

CVE-2021-38195

An issue was discovered in the libsecp256k1 crate before 0.5.0 for Rust. It can verify an invalid signature because it allows the R or S parameter to be larger than the curve order, aka an overflow...

CVE-2021-38194

An issue was discovered in the ark-r1cs-std crate before 0.3.1 for Rust. It does not enforce any constraints in the FieldVar::mulbyinverse method. Thus, a prover can produce a proof that is unsound but is nonetheless verified...

CVE-2021-29938

An issue was discovered in the slice-deque crate through 2021-02-19 for Rust. A double drop can occur in SliceDeque::drainfilter upon a panic in a predicate function...

CVE-2021-41149

Tough provides a set of Rust libraries and tools for using and generating the update framework TUF repositories. The tough library, prior to 0.12.0, does not properly sanitize target names when caching a repository, or when saving specific targets to an output directory. When targets are cached o...

CVE-2021-45711

An issue was discovered in the simpleasn1 crate 0.6.0 before 0.6.1 for Rust. There is a panic if UTCTime data, supplied by a remote attacker, has a second character greater than 0x7f...

CVE-2021-45696

An issue was discovered in the sha2 crate 0.9.7 before 0.9.8 for Rust. Hashes of long messages may be incorrect when the AVX2-accelerated backend is used...

CVE-2021-45700

An issue was discovered in the ckb crate before 0.40.0 for Rust. Attackers can cause a denial of service Nervos CKB blockchain node crash via a dead call that is used as a DepGroup...