Moderate: Red Hat Security Advisory: rust-toolset-1.52 and rust-toolset-1.52-rust security and enhancement update

New rust-toolset-1.52 packages are now available as a part of Red Hat Developer Tools for Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...

rust: memory safety violation in Zip implementation for nested iter::Zips

In the standard library in Rust before 1.51.0, the Zip implementation calls iteratorgetunchecked for the same index more than once when nested. This bug can lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait...

rust: optimization for joining strings can cause uninitialized bytes to be exposed

In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed or the program to crash if the borrowed string changes after its length is checked...

rust: heap-based buffer overflow in read_to_end() because it does not validate the return value from Read in an unsafe context

In the standard library in Rust before 1.50.0, readtoend does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow...

rust: panic safety issue in Zip implementation

In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls iteratorgetunchecked more than once for the same index when the underlying iterator panics in certain conditions. This bug could lead to a memory safety violation due to an unmet safety...

rust: integer overflow in the Zip implementation can lead to a buffer overflow

In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again...

Mozilla Rust Denial of Service Vulnerability (CNVD-2021-61400)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. playXE/cgc for Mozilla Rust suffers from a denial-of-service vulnerability that can be exploited by attackers to cause data contention...

Mozilla Rust Denial of Service Vulnerability (CNVD-2021-61401)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A denial-of-service vulnerability exists in Mozilla Rust's sklose disrustor, which stems from the fact that RingBuffer does not properly limit the number of variable references, and can be exploited by attackers...

Mozilla Rust Denial of Service Vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation.A denial of service exists in Mozilla Rus, which can be exploited by attackers to cause a denial of service...

Mozilla Rust has an unspecified vulnerability (CNVD-2021-61408)

A security vulnerability exists in the Iced-x86 crate of Mozilla Rust version 1.10.3, which could be exploited by attackers to launch further attacks on the system...

Mozilla Rust Command Execution Vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A command execution vulnerability exists in letre crate before Mozilla Rust 0.9.6, which can be exploited by attackers to execute arbitrary SMTP commands on the system...

Mozilla Rust code execution vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A code execution vulnerability exists in Mozilla Rust's Better-macro crate, which can be exploited by attackers to execute arbitrary code on a system...

Mozilla Rust has an unspecified vulnerability (CNVD-2021-61405)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. a security vulnerability exists in the anymap crate of Mozilla Rust version 0.12.1, which can be exploited by attackers to compromise soundness by converting u8 to u64...

Mozilla Rust Denial of Service Vulnerability (CNVD-2021-61403)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation.A denial-of-service vulnerability exists in the appendix box of Mozilla Rust versions prior to November 15, 2020, which can be exploited by an attacker to cause data contention by sending a specially crafted...

Mozilla Rust has an unspecified vulnerability (CNVD-2021-61409)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. a security vulnerability in ark-r1cs-std crate in Mozilla Rust before 0.3.1, which stems from FieldVar:: the mulbyinverse method does not enforce any constraints and can be exploited by an attacker to launch...

Alexcrichton Tar-rs 路径遍历漏洞

Alexcrichton Tar-rs is a tar archive read/write library for Rust. A path traversal vulnerability exists in Alexcrichton Tar-rs, which stems from a logical error in the implementation of the product's decompression feature, and could allow an attacker to create files in other directories by...

Mozilla Rust Denial of Service Vulnerability (CNVD-2021-61390)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. Mozilla Rust suffers from a denial-of-service vulnerability that can be exploited by attackers to cause a denial of service...

Mozilla Rust Denial of Service Vulnerability (CNVD-2021-61404)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A denial-of-service vulnerability exists in max7301 crate in versions of Mozilla Rust prior to 0.2.0, which can be exploited by attackers to cause data contention by sending specially crafted requests...

[SECURITY] Fedora 34 Update: rust-rav1e-0.4.1-4.fc34

Fastest and safest AV1 encoder...

CVE-2021-38193

An issue was discovered in the ammonia crate before 3.1.0 for Rust. XSS can occur because the parsing differences for HTML, SVG, and MathML are mishandled, a similar issue to CVE-2020-26870...