CVE-2022-24713
CVE-2022-24713 affects the Rust regex crate. A bug in the mitigations for untrusted regexes may allow denial-of-service via specially crafted regexes executed against user-controlled input. All versions ≤ 1.5.4 are affected; the fix starts with regex 1.5.5. Upgrading to a newer regex crate versio...
CVE-2022-24713
regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those tunable mitigations already provide sane defaults to preven...
CVE-2022-24713 Regular expression denial of service in Rust's regex crate
regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those tunable mitigations already provide sane defaults to preven...
Regexes with large repetitions on empty sub-expressions take a very long time to parse
The Rust Security Response WG was notified that the regex crate did not properly limit the complexity of the regular expressions (regex) it parses. An attacker could use this security issue to perform a denial of service, by sending a specially crafted regex to a service accepting untrusted regexes...
RUSTSEC-2022-0013 Regexes with large repetitions on empty sub-expressions take a very long time to parse
The Rust Security Response WG was notified that the regex crate did not properly limit the complexity of the regular expressions (regex) it parses. An attacker could use this security issue to perform a denial of service, by sending a specially crafted regex to a service accepting untrusted regexes...
Exploit for Out-of-bounds Write in Polkit_Project Polkit
CVE-2021-4034 exploit but in Rust, cause why not? Based on...
abstract-boot (>=0.2.0-beta.4 <=0.2.0-beta.7), ace-test-lib (=0.1.0) +711 more potentially affected by unknown CVE via rust-crypto (=0.2.36)
rust-crypto CARGO version =0.2.36 is affected by a known vulnerability. The following packages have a transitive dependency on rust-crypto and may be impacted: - abstract-boot =0.2.0-beta.4, =0.0.1, =0.0.1, =0.1.0, =0.0.1, =0.1.0, =0.2.0, =0.8.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.3.0 and more...
Miscomputation when performing AES encryption in rust-crypto
The following Rust program demonstrates some strangeness in AES encryption - if you have an immutable key slice and then operate on that slice, you get different encryption output than if you operate on a copy of that key. For these functions, we expect that extending a 16 byte key to a 32 byte k...
RUSTSEC-2022-0011 Miscomputation when performing AES encryption in rust-crypto
The following Rust program demonstrates some strangeness in AES encryption - if you have an immutable key slice and then operate on that slice, you get different encryption output than if you operate on a copy of that key. For these functions, we expect that extending a 16 byte key to a 32 byte k...
openSUSE 15 Security Update : rust (openSUSE-SU-2022:0491-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:0491-1 advisory. - Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security...
openSUSE: Security Advisory for rust (openSUSE-SU-2022:0491-1)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
AZL-41314 CVE-2022-0632 affecting package rust for versions less than 1.75.0-1
NULL Pointer Dereference in Homebrew mruby prior to 3.2...
SUSE SLES15 Security Update : rust (SUSE-SU-2022:0491-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:0491-1 advisory. - Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust...
SUSE: Security Advisory (SUSE-SU-2022:0491-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
SUSE-SU-2022:0491-1 Security update for rust
This update for rust fixes the following issues: - CVE-2022-21658: Fixed race condition in std::fs::remove_dir_all (bsc#1194767)...
OPENSUSE-SU-2022:0491-1 Security update for rust
This update for rust fixes the following issues: - CVE-2022-21658: Fixed race condition in std::fs::remove_dir_all (bsc#1194767)...
Security update for rust (moderate)
openSUSE Security Update: Security update for rust Announcement ID: openSUSE-SU-2022:0491-1 Rating: moderate References: 1194767 Cross-References: CVE-2022-21658 CVSS scores: CVE-2022-21658 NVD : 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2022-21658 SUSE: 6.2...
enum_map macro can cause UB when `Enum` trait is incorrectly implemented
Affected versions of this crate did not properly check the length of an enum when using the enum_map! macro, trusting user-provided length. When the LENGTH in the Enum trait does not match the array length in the EnumArray trait, this can result in the initialization of the enum map with uninitialized...
CVE-2021-3648
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-3530. Reason: This candidate is a reservation duplicate of CVE-2021-3530. Notes: All CVE users should reference CVE-2021-3530 instead of this candidate. All references and descriptions in this candidate have been removed to...
AZL-41096 CVE-2022-0614 affecting package rust for versions less than 1.75.0-1
Use of Out-of-range Pointer Offset in Homebrew mruby prior to 3.2...