9528 matches found
CVE-2024-24576
A command injection flaw was found in Rust, exclusive to Windows environments. When invoking batch files on Windows using the Command API, Rust explicitly uses cmd.exe which has complicated parsing rules for arguments. If an attacker can control part of the command arguments of the batch file, th...
CVE-2024-24576
Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files with the bat and cmd extensions on Windows using the Command. An attacker able to control the arguments...
CVE-2024-24576
Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files with the bat and cmd extensions on Windows using the Command. An attacker able to control the arguments...
CVE-2024-24576
CVE-2024-24576 affects Rust’s standard library on Windows where Command::arg/args escaping for batch files was not thorough enough. This could allow arbitrary shell commands when untrusted input is passed to batch file invocations via cmd.exe, enabling LPE/RCE scenarios as described in PoC and pu...
CVE-2024-24576 Rusts's `std::process::Command` did not properly escape arguments of batch files on Windows
Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files with the bat and cmd extensions on Windows using the Command. An attacker able to control the arguments...
CVE-2024-24576 Rusts's `std::process::Command` did not properly escape arguments of batch files on Windows
Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files with the bat and cmd extensions on Windows using the Command. An attacker able to control the arguments...
CVE-2024-24576 Rusts's `std::process::Command` did not properly escape arguments of batch files on Windows
Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files with the bat and cmd extensions on Windows using the Command. An attacker able to control the arguments...
CVE-2024-24576
Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files with the bat and cmd extensions on Windows using the Command. An attacker able to control the arguments...
Rust 安全漏洞
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in versions of Rust prior to 1.77.2 that stems from not properly escaping parameters of a batch file on Windows, which could allow an attacker to execute arbitrary shell commands ...
PT-2024-2720
Name of the Vulnerable Software and Affected Versions Rust versions prior to 1.77.2 Description A critical security flaw in the Rust standard library could be exploited to target Windows users and stage command injection attacks. The vulnerability allows attackers to execute arbitrary shell...
PT-2024-5911 · Rust +1 · Rust +1
Name of the Vulnerable Software and Affected Versions: Rust affected versions not specified Description: The issue is related to the std::process::Command component of the Rust programming language on Windows operating systems. It involves the injection or modification of arguments, potentially...
The vulnerability of the h2 library in the Rust programming language in the Tokio environment, related to unlimited resource distribution, allows attackers to cause service failures.
The vulnerability of the h2 library in the Rust programming language in the Tokio environment is related to unlimited resource distribution. Exploiting this vulnerability can allow a remote attacker to cause service failures...
at51 (>=0.1.1 <=0.4.1), atrac3p-decoder (>=0.1.0 <=0.1.2) +51 more potentially affected by CVE-2023-53156 via transpose (=0.1.0)
transpose CARGO version =0.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on transpose and may be impacted: - at51 =0.1.1, =0.1.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =2.6.2, =0.6.0, =0.1.0, =0.1.0, =0.1.1 and more Source...
transpose: Buffer overflow due to integer overflow
Given the function transpose::transpose: rust fn transposeinput: &T, output: &mut T, inputwidth: usize, inputheight: usize The safety check inputwidth inputheight == output.len can fail due to inputwidth inputheight overflowing in such a way that it equals output.len. As a result of failing the...
acme-dns-rust (>=1.0.0 <=1.0.6), asfa (>=0.1.0 <=0.5.2) +72 more potentially affected by unknown CVE via whoami (>=0.5.3 <=1.2.3)
whoami CARGO version =0.5.3, =1.0.0, =0.1.0, =3.0.0, =0.60.0, =0.60.0, =0.1.0, =0.27.0, =0.1.0, =0.1.0, =0.1.0, =0.3.0, =0.2.1, =0.0.0, =0.0.1, =0.1.0, =0.3.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-W5W5-8VFH-XCJQ...
AZL-39785 CVE-2024-31852 affecting package rust for versions less than 1.75.0-9
LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we...
AZL-39842 CVE-2024-31852 affecting package rust for versions less than 1.72.0-8
LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we...
AZL-39520 CVE-2024-28182 affecting package rust for versions less than 1.68.0-1
nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK...
AZL-38719 CVE-2024-28182 affecting package rust for versions less than 1.75.0-1
nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK...
CVE-2024-3296
A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages for decryption. The...