CVE-2021-38194

The CVE-2021-38194 issue affects the ark-r1cs-std crate for Rust (versions before 0.3.1). FieldVar::mul_by_inverse does not enforce constraints, allowing a malicious prover to produce an unsound proof that still verifies. The problem is caused by missing constraint checks in this method, compromi...

CVE-2021-38195

The CVE-2021-38195 issue affects the libsecp256k1 crate for Rust, specifically versions before 0.5.0. The root cause is an overflow where the R or S parameter can be larger than the curve order, allowing an invalid signature to be verified. This vulnerability is described in multiple connected re...

CVE-2021-38196

An issue was discovered in the better-macro crate through 2021-07-22 for Rust. It intentionally demonstrates that remote attackers can execute arbitrary code via proc-macros, and otherwise has no legitimate purpose...

CVE-2021-38196

CVE-2021-38196 relates to the Rust crate better-macro , where a deliberate RCE via proc-macros was demonstrated through 2021-07-22. The connected documents confirm remote code execution potential and a purposefully malicious context, with coverage across RustSec, GHSA, OSV, and national advisorie...

Rust 安全漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. Mozilla Rust suffers from a denial-of-service vulnerability that can be exploited by attackers to cause a denial of service...

Rust 命令注入漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A command injection vulnerability exists in Mozilla Rust's schets multiqueue, which can be exploited by attackers to cause data contention errors or other undefined behavior...

Rust 缓冲区错误漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. buffer overflow vulnerabilities exist in versions of Mozilla Rust prior to 0.3.0, stemming from the ticketedlock crate in Rust. there are unconditional Send implementations for ReadTicket and WriteTicket, which...

Rust 缓冲区错误漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A buffer overflow vulnerability exists in Mozilla Rust versions prior to 0.1.5, which stems from a software libsbc crate that implements Send for any Decoder , for any R: Read, and can be exploited by an attacke...

Rust 缓冲区错误漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. Mozilla Rust suffers from a buffer overflow vulnerability that can be exploited by an attacker to cause memory corruption...

Rust 命令注入漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A command execution vulnerability exists in letre crate before Mozilla Rust 0.9.6, which can be exploited by attackers to execute arbitrary SMTP commands on the system...

Rust 安全漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A denial-of-service vulnerability exists in max7301 crate in versions of Mozilla Rust prior to 0.2.0, which can be exploited by attackers to cause data contention by sending specially crafted requests...

Rust 代码注入漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A code execution vulnerability exists in Mozilla Rust's Better-macro crate, which can be exploited by attackers to execute arbitrary code on a system...

Rust 安全漏洞

A security vulnerability exists in the Iced-x86 crate of Mozilla Rust version 1.10.3, which could be exploited by attackers to launch further attacks on the system...

Rust 跨站脚本漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A cross-site scripting vulnerability exists in comrak crate in versions of Mozilla Rust prior to 0.10.1, which could be exploited by an attacker to execute the script in a Web browser in the secure context of a...

Rust 缓冲区错误漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A code execution vulnerability exists in nalgebra crate prior to Mozilla Rust 0.27.1, which stems from the failure of nalgebra crate to ensure that the number of elements equals the product of the number of rows...

Rust 安全漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. fizyk20/generic-array of Mozilla Rust suffers from a memory corruption vulnerability, which can be exploited by attackers to cause various memory corruption scenarios...

Rust 安全漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. a security vulnerability exists in the anymap crate of Mozilla Rust version 0.12.1, which can be exploited by attackers to compromise soundness by converting u8 to u64...

Rust 竞争条件问题漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation.A denial of service exists in Mozilla Rus, which can be exploited by attackers to cause a denial of service...

Rust 安全漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. a security vulnerability in ark-r1cs-std crate in Mozilla Rust before 0.3.1, which stems from FieldVar:: the mulbyinverse method does not enforce any constraints and can be exploited by an attacker to launch...

Rust 竞争条件问题漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. Mozilla Rust suffers from a denial-of-service vulnerability that can be exploited by attackers to cause data contention by sending specially crafted requests...