9526 matches found
DEBIAN-CVE-2021-38511
An issue was discovered in the tar crate before 0.4.36 for Rust. When symlinks are present in a TAR archive, extraction can create arbitrary directories via .. traversal...
CVE-2021-38512
An issue was discovered in the actix-http crate before 3.0.0-beta.9 for Rust. HTTP/1 request smuggling aka HRS can occur, potentially leading to credential disclosure...
CVE-2021-38511
An issue was discovered in the tar crate before 0.4.36 for Rust. When symlinks are present in a TAR archive, extraction can create arbitrary directories via .. traversal...
Design/Logic Flaw
An issue was discovered in the actix-http crate before 3.0.0-beta.9 for Rust. HTTP/1 request smuggling aka HRS can occur, potentially leading to credential disclosure...
CVE-2021-38511
An issue was discovered in the tar crate before 0.4.36 for Rust. When symlinks are present in a TAR archive, extraction can create arbitrary directories via .. traversal...
CVE-2021-38511
CVE-2021-38511 affects the Rust tar crate prior to 0.4.36. When a TAR archive contains symlinks, extraction can perform a directory traversal with “..”, potentially creating arbitrary directories. Practical impact is described as partial integrity/authoritative access loss during extraction; expl...
CVE-2021-38512
CVE-2021-38512 affects the actix-http crate for Rust, with the vulnerability in HTTP/1 request handling (HRS) present in versions before 3.0.0-beta.9. The issue can lead to credential disclosure when interacting with a vulnerable front-end proxy. Affected component: actix-http (Rust). Root cause:...
Moderate: Red Hat Security Advisory: rust-toolset:rhel8 security, bug fix, and enhancement update
An update for the rust-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
rust: optimization for joining strings can cause uninitialized bytes to be exposed
In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed or the program to crash if the borrowed string changes after its length is checked...
rust: panic safety issue in Zip implementation
In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked() more than once for the same index when the underlying iterator panics in certain conditions. This bug could lead to a memory safety violation due to an unmet safety...
rust: integer overflow in the Zip implementation can lead to a buffer overflow
In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again...
rust: heap-based buffer overflow in read_to_end() because it does not validate the return value from Read in an unsafe context
In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow...
rust: memory safety violation in Zip implementation when next_back() and next() are used together
In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same index under certain conditions when next_back() and next() are used together. This bug could lead to a memory safety violation due to an unmet safety requirement for the...
rust: memory safety violation in Zip implementation for nested iter::Zips
In the standard library in Rust before 1.51.0, the Zip implementation calls __iterator_get_unchecked() for the same index more than once when nested. This bug can lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait...
rust: double free in Vec::from_iter function if freeing the element panics
In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics...
CVE-2021-29922
A flaw was found in rust. Extraneous zero characters at the beginning of an IP address string are not properly considered which can allow an attacker to bypass IP-based access controls. The highest threat from this vulnerability is to data confidentiality and integrity. Mitigation Mitigation for...
Moderate: rust-toolset:rhel8 security, bug fix, and enhancement update
Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. The following packages have been upgraded to a later upstream version: rust 1.52.1. BZ1953002 Security Fixes: rust: optimization for joining strings can cause...
RLSA-2021:3063 Moderate: rust-toolset:rhel8 security, bug fix, and enhancement update
Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. The following packages have been upgraded to a later upstream version: rust 1.52.1. BZ1953002 Security Fixes: rust: optimization for joining strings can cause...
rust-toolset:rhel8 security, bug fix, and enhancement update
An update is available for rust-toolset, rust. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Rust Toolset provides the Rust programming language compiler rustc...
rust: double free in Vec::from_iter function if freeing the element panics
In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics...