9526 matches found
Code injection
The git-url-parse crate through 0.4.4 for Rust allows Regular Expression Denial of Service ReDos via a crafted URL to normalizeurl in lib.rs, a similar issue to CVE-2023-32758 Python...
CVE-2023-33290
CVE-2023-33290 affects the Rust crate for parsing Git URLs, specifically the git-url-parse crate up to version 0.4.4. The vulnerability is a Regular Expression Denial of Service (ReDoS) via a crafted URL to the normalize_url function in lib.rs. This can lead to high impact on availability (Denial...
CVE-2023-33290
The git-url-parse crate through 0.4.4 for Rust allows Regular Expression Denial of Service ReDos via a crafted URL to normalizeurl in lib.rs, a similar issue to CVE-2023-32758 Python...
CVE-2023-33290
The git-url-parse crate through 0.4.4 for Rust allows Regular Expression Denial of Service ReDos via a crafted URL to normalizeurl in lib.rs, a similar issue to CVE-2023-32758 Python...
abel (>=0.1.0 <=0.1.1), abel-core (>=0.1.0 <=0.1.1) +312 more potentially affected by unknown CVE via ouroboros (>=0.10.1 <=0.15.6)
ouroboros CARGO version =0.10.1, =0.1.0, =0.1.0, =0.4.0, =0.4.0, =0.4.0, =0.1.0, =1.1.0, =0.6.0, =0.1.0, =0.1.1, =0.3.2 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2023-0042...
RUSTSEC-2023-0042 Ouroboros is Unsound
Summary Ouroboros has a soundness problem, but a fix has been implemented in 0.16.0. More details: In 0.15.0, Ouroboros works internally by creating a struct where all uses of 'this are replaced by 'static. However, a recent addition to Miri checks that references passed to functions are valid...
Ouroboros is Unsound
Summary Ouroboros has a soundness problem, but a fix has been implemented in 0.16.0. More details: In 0.15.0, Ouroboros works internally by creating a struct where all uses of 'this are replaced by 'static. However, a recent addition to Miri checks that references passed to functions are valid...
Experts Unveil Exploit for Recent Windows Vulnerability Under Active Exploitation
Details have emerged about a now-patched actively exploited security flaw in Microsoft Windows that could be abused by a threat actor to gain elevated privileges on affected systems. The vulnerability, tracked as CVE-2023-29336, is rated 7.8 for severity and concerns an elevation of privilege bug...
aardvark-dns (>=1.0.3 <=1.1.0), acme-dns-rust (>=1.0.0 <=1.1.6) +16 more potentially affected by unknown CVE via trust-dns-server (>=0.13.0 <=0.22.0)
trust-dns-server CARGO version =0.13.0, =1.0.3, =1.0.0, =1.4.0, =1.7.0, =0.1.0, =1.12.2, =1.13.0 - localns =1.0.0 - oxidux =0.4.0 - polyresolver =0.1.0 - simple-dns-server =0.1.0 - single-use-dns =0.1.0 - snail =0.4.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-5FM9-H728-FWPJ...
GHSA-29MF-62XX-28JQ buffered-reader vulnerable to out-of-bounds array access leading to panic
Affected versions of the crate have a bug where attacker-controlled input can result in the use of an out-of-bound array index. Rust detects the use of the out-of-bound index and causes the application to panic. An attacker may be able to use this to cause a denial-of-service. However, it is not...
libpijul (>=0.12.0 <=0.12.1), pijul (>=0.12.0 <=0.12.1) +7 more potentially affected by CVE-2023-53161 via buffered-reader (>=0.11.0 <=0.5.0)
buffered-reader CARGO version =0.11.0, =0.12.0, =0.12.0, =0.1.0, =0.1.0, =0.17.0, =0.2.0, =0.0.1, =0.1.0, =0.4.0 Source cves: CVE-2023-53161 Source advisory: OSV:GHSA-29MF-62XX-28JQ...
buffered-reader vulnerable to out-of-bounds array access leading to panic
Affected versions of the crate have a bug where attacker-controlled input can result in the use of an out-of-bound array index. Rust detects the use of the out-of-bound index and causes the application to panic. An attacker may be able to use this to cause a denial-of-service. However, it is not...
GHSA-25MX-8F3V-8WH7 sequoia-openpgp vulnerable to out-of-bounds array access leading to panic
Affected versions of the crate have several bugs where attacker-controlled input can result in the use of an out-of-bound array index. Rust detects the use of the out-of-bound index and causes the application to panic. An attacker may be able to use this to cause a denial-of-service. However, it ...
sequoia-openpgp vulnerable to out-of-bounds array access leading to panic
Affected versions of the crate have several bugs where attacker-controlled input can result in the use of an out-of-bound array index. Rust detects the use of the out-of-bound index and causes the application to panic. An attacker may be able to use this to cause a denial-of-service. However, it ...
GHSA-7GF7-JV65-WJMH xml-rs vulnerable to denial of service via invalid token in XML document
The xml-rs crate = 0.8.9 and 0.8.14 for Rust and Crab allows a denial of service panic via an invalid ! token such as !DOCTYPEs/%!A nesting in an XML document...
xml-rs vulnerable to denial of service via invalid token in XML document
The xml-rs crate = 0.8.9 and 0.8.14 for Rust and Crab allows a denial of service panic via an invalid ! token such as !DOCTYPEs/%!A nesting in an XML document...
CVE-2023-34411
The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service panic via an invalid...
CVE-2023-34411
The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service panic via an invalid ! token such as !DOCTYPEs/%!A nesting in an XML document. The earliest affected version is 0.8.9...
CVE-2023-34411
The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service panic via an invalid ! token such as !DOCTYPEs/%!A nesting in an XML document. The earliest affected version is 0.8.9...
CVE-2023-34411
The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service panic via an invalid ! token such as !DOCTYPEs/%!A nesting in an XML document. The earliest affected version is 0.8.9...