9526 matches found
CVE-2022-21658
CVE-2022-21658 affects Rust’s std::fs::remove_dir_all, due to a race condition (CWE-363) that could allow an attacker to trick a privileged process into deleting files/directories outside the target. Affected Rust releases: 1.0.0–1.58.0; patch released in 1.58.1. Impact can be significant for pri...
CVE-2022-21658 Race condition in std::fs::remove_dir_all in rustlang
Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the std::fs::remove_dir_all standard library function is vulnerable to a race condition enabling symlink following (CWE-363). A...
Rust race condition vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A race condition vulnerability exists in Rust that arises from the product's std::fs::remove_dir_all function that does not validate user permissions. An attacker could use this vulnerability to remove...
Rust -- Race condition enabling symlink following
The Rust Security Response WG was notified that the std::fs::remove_dir_all standard library function is vulnerable to a race condition enabling symlink following (CWE-363). An attacker could use this security issue to trick a privileged program into deleting files and directories the attacker couldn...
CVE-2022-21658
Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the std::fs::remove_dir_all standard library function is vulnerable to a race condition enabling symlink following (CWE-363). A...
unidb (>=0.2.1 <=0.3.5), unidb_odbc (>=0.1.0 <=0.1.1) +1 more potentially affected by unknown CVE via r2d2_odbc (=0.5.0)
r2d2_odbc CARGO version =0.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on r2d2_odbc and may be impacted: - unidb =0.2.1, =0.1.0, =0.1.1 - unidbpgsql =0.1.0 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2022-0036...
CVE-2021-46195
GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources...
DEBIAN-CVE-2021-46195
GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources...
Design/Logic Flaw
GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources...
UBUNTU-CVE-2021-46195
GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources...
CVE-2021-46195
CVE-2021-46195 affects GCC v12.0, specifically the libiberty/rust-demangle.c component. The issue is an uncontrolled recursion that allows a DoS by consuming CPU and memory. The provided connected Nessus entry for MiracleLinux 9 notes a linked advisory tying GCC 12.0.1-11.2.el9 to this CVE, confi...
afterglow (>=0.1.0 <=0.3.0), aiid_js (=0.0.1) +47 more potentially affected by unknown CVE via bumpalo (=2.6.0)
bumpalo CARGO version =2.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on bumpalo and may be impacted: - afterglow =0.1.0, =0.5.4, =0.1.0, =3.0.0, =4.0.2, =0.114.0, =0.114.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.0.1, =0.6.1 and more Source cves: unkno...
acme-dns-rust (>=1.0.0 <=1.0.6), acme2-slim (=0.2.0) +161 more potentially affected by unknown CVE via warp (>=0.1.23 <=0.3.1)
warp CARGO version =0.1.23, =1.0.0, =0.1.0, =0.1.0, =0.1.5, =0.1.0, =1.0.0, =0.14.0, =0.4.0, =0.1.0, =0.1.0, =0.1.6 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2022-0082...
Use-after-free due to a lifetime error in `Vec::into_iter()`
In affected versions of this crate, the lifetime of the iterator produced by Vec::into_iter is not constrained to the lifetime of the Bump that allocated the vector's memory. Using the iterator after the Bump is dropped causes use-after-free accesses. The following example demonstrates memory...
RUSTSEC-2022-0078 Use-after-free due to a lifetime error in `Vec::into_iter()`
In affected versions of this crate, the lifetime of the iterator produced by Vec::into_iter is not constrained to the lifetime of the Bump that allocated the vector's memory. Using the iterator after the Bump is dropped causes use-after-free accesses. The following example demonstrates memory...