CVE-2025-46718 sudo-rs Allows Low Privilege Users to Enumerate Privileges of Others
sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with limited sudo privileges, e.g. execution of a single command, can list sudo privileges of other users using the -U flag. This vulnerability allows users with limited sudo privileges to enumerat...
CVE-2025-46717 sudo-rs Allows Low Privilege Users to Discover the Existence of Files in Inaccessible Folders
sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with no or very limited sudo privileges can determine whether files exist in folders that they otherwise cannot access using sudo --list. Users with local access to a machine can discover the...
CVE-2025-47736
dialect/mod.rs in the libsql-sqlite3-parser crate through 0.13.0 before 14f422a for Rust can crash if the input is not valid UTF-8...
CVE-2025-47737
lib.rs in the trailer crate through 0.1.2 for Rust mishandles allocating with a size of zero...
CVE-2025-47735
inner::drop in inner.rs in the wgp crate through 0.2.0 for Rust lacks drop_slow thread synchronization...
Duplicate Advisory: ring has some AES functions that may panic when overflow checking is enabled in
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4p46-pwfr-66x6. This link is maintained to preserve external references. Original Description A flaw was found in Rust's Ring package. A panic may be triggered when overflow checking is enabled. In the QUIC...
GHSA-C86P-W88R-QVQR Duplicate Advisory: ring has some AES functions that may panic when overflow checking is enabled in
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4p46-pwfr-66x6. This link is maintained to preserve external references. Original Description A flaw was found in Rust's Ring package. A panic may be triggered when overflow checking is enabled. In the QUIC...
CVE-2025-4432
A flaw was found in Rust's Ring package. A panic may be triggered when overflow checking is enabled. In the QUIC protocol, this flaw allows an attacker to induce this panic by sending a specially crafted packet. It will likely occur unintentionally in 1 out of every 2^32 packets sent or received...
UBUNTU-CVE-2025-4432
A flaw was found in Rust's Ring package. A panic may be triggered when overflow checking is enabled. In the QUIC protocol, this flaw allows an attacker to induce this panic by sending a specially crafted packet. It will likely occur unintentionally in 1 out of every 2^32 packets sent or received...
CVE-2025-4432
CVE-2025-4432 affects Rust’s Ring crate. A panic can be triggered when overflow checking is enabled; in QUIC, a specially crafted packet can induce this panic, likely ~1 in 2^32 packets. CVSS v3.1 base score 5.3 (Network, Low attack complexity, No privileges, No user interaction; Availability imp...
CVE-2025-4432 Ring: some aes functions may panic when overflow checking is enabled in ring
A flaw was found in Rust's Ring package. A panic may be triggered when overflow checking is enabled. In the QUIC protocol, this flaw allows an attacker to induce this panic by sending a specially crafted packet. It will likely occur unintentionally in 1 out of every 2^32 packets sent or received...
wgp race condition in inner::drop
inner::drop in inner.rs in the wgp crate through 0.2.0 for Rust lacks drop_slow thread synchronization...
trailer mishandles allocating with a size of zero
lib.rs in the trailer crate through 0.1.2 for Rust mishandles allocating with a size of zero...
GHSA-6X45-R4PR-5362 trailer mishandles allocating with a size of zero
lib.rs in the trailer crate through 0.1.2 for Rust mishandles allocating with a size of zero...
GHSA-8M95-FFFC-H4C5 libsql-sqlite3-parser crash due to invalid UTF-8 input
dialect/mod.rs in the libsql-sqlite3-parser crate through 0.13.0 before 14f422a for Rust can crash if the input is not valid UTF-8...
GHSA-2W4W-4385-VH4H wgp race condition in inner::drop
inner::drop in inner.rs in the wgp crate through 0.2.0 for Rust lacks drop_slow thread synchronization...