9528 matches found
CVE-2018-20996
An issue was discovered in the crossbeam crate before 0.4.1 for Rust. There is a double free because of destructor mishandling...
CVE-2018-20998
An issue was discovered in the arrayfire crate before 3.6.0 for Rust. Addition of the repr attribute to an enum is mishandled, leading to memory corruption...
CVE-2019-16138
An issue was discovered in the image crate before 0.21.3 for Rust, affecting the HDR image format decoder. Vec::set_len is called on an uninitialized vector, leading to a use-after-free and arbitrary code execution...
CVE-2019-25005
An issue was discovered in the chacha20 crate before 0.2.3 for Rust. A ChaCha20 counter overflow makes it easier for attackers to determine plaintext...
CVE-2019-25010
An issue was discovered in the failure crate through 2019-11-13 for Rust. Type confusion can occur when __private_get_type_id__ is overridden...
CVE-2019-16881
An issue was discovered in the portaudio-rs crate through 0.3.1 for Rust. There is a use-after-free with resultant arbitrary code execution because of a lack of unwind safety in stream_callback and stream_finished_callback...
CVE-2017-1000430
rust-base64 version = 0.5.1 is vulnerable to a buffer overflow when calculating the size of a buffer to use when encoding base64 using the 'encode_config_buf' and 'encode_config' functions...
CVE-2018-25028
An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. get_context can cause a use-after-free...
CVE-2018-25025
An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly extend the lifetime of a string, leading to memory corruption...
CVE-2018-25026
An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can add the Send marker trait to an object that cannot be sent between threads safely, leading to memory corruption...
CVE-2017-18587
An issue was discovered in the hyper crate before 0.9.18 for Rust. It mishandles newlines in headers...
CVE-2015-20001
In the standard library in Rust before 1.2.0, BinaryHeap is not panic-safe. The binary heap is left in an inconsistent state when the comparison of generic elements inside sift_up or sift_down_range panics. This bug leads to a drop of zeroed memory as an arbitrary type, which can result in a memory...
Oracle Linux 9 : rust-bootupd (ELSA-2025-7241)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2025-7241 advisory. 0.2.27-3 - spec: remove ExcludeArch ix86 as this is c9s Resolves: RHEL-77736, RHEL-79091 0.2.27-2 - Add git to the build requires Resolves: RHEL-77736, RHEL-790...
Oracle Linux 9 : keylime-agent-rust (ELSA-2025-7313)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2025-7313 advisory. 0.2.2-2 - Update openssl crate to version 0.10.70 to fix CVE-2025-24898 Tenable has extracted the preceding description block directly from the Oracle Linux...
SUSE CVE-2025-4432
A flaw was found in Rust's Ring package. A panic may be triggered when overflow checking is enabled. In the QUIC protocol, this flaw allows an attacker to induce this panic by sending a specially crafted packet. It will likely occur unintentionally in 1 out of every 2^32 packets sent or received...
adx (>=4.0.0 <=4.1.0), aicommits-rs (>=0.1.0 <=0.2.0) +301 more potentially affected by unknown CVE via surf (>=1.0.1 <=2.3.2)
surf CARGO version =1.0.1, =4.0.0, =0.1.0, =1.0.0, =0.3.0, =0.10.0, =0.3.0, =0.5.0, =0.1.0, =0.6.0, =0.3.0, =0.1.0, =0.0.1, =0.2.4 - async-bybit =0.0.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0036...
Security update for cargo-c
This update for cargo-c fixes the following issues: CVE-2025-3416: use-after-free in Md::fetch and Cipher::fetch of rust-openssl crate (bsc#1242675). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively...
SUSE-SU-2025:1570-1 Security update for cargo-c
This update for cargo-c fixes the following issues: - CVE-2025-3416: use-after-free in Md::fetch and Cipher::fetch of rust-openssl crate (bsc#1242675)...
SUSE-SU-2025:1560-1 Security update for rustup
This update for rustup fixes the following issues: - CVE-2025-3416: Fixed use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate (bsc#1242617)...
SafeTrans: LLM-Assisted Transpilation from C to Rust
Rust is a strong contender for a memory-safe alternative to C as a "systems" programming language, but porting the vast amount of existing C code to Rust is a daunting task. In this paper, we evaluate the potential of large language models (LLMs) to automate the transpilation of C code to idiomatic...