Azure Linux 3.0 Security Update: kata-containers (CVE-2024-32650)
The version of kata-containers installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-32650 advisory. - Rustls is a modern TLS library written in Rust. rustls::ConnectionCommon::complete_io could fall int...
rustls-pemfile is unmaintained
The rustls-pemfile crate is no longer maintained. The repository has been archived since August 2025, and users are encouraged to depend directly on the underlying PEM parsing code included in rustls-pki-types since 1.9.0. The latest version of rustls-pemfile is in fact a thin wrapper around the...
AskAI (=0.1.0), BiliupApi (>=0.1.0 <=0.1.7) +4182 more potentially affected by unknown CVE via rustls-pemfile (>=0.2.1 <=2.2.0)
rustls-pemfile CARGO version =0.2.1, =0.1.0, =0.1.0, =0.1.0, =0.7.0, =0.4.0, =0.21.0-alpha.1, =0.1.11, =0.11.0, =0.2.0, =0.5.1, =0.5.4 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0134...
RUSTSEC-2025-0134 rustls-pemfile is unmaintained
The rustls-pemfile crate is no longer maintained. The repository has been archived since August 2025, and users are encouraged to depend directly on the underlying PEM parsing code included in rustls-pki-types since 1.9.0. The latest version of rustls-pemfile is in fact a thin wrapper around the...
curl: Double-free vulnerability in libcurl with rustls via NoServerCertVerifier condition leads to application crash
Summary: There is a double-free in libcurl with rustls. The root cause is reported and it is fixed in https://github.com/curl/curl/pull/19425, while I did not try to evaluate the actual triggering at that time. No AI was used to find the issue or generate the report. Affected version It was...
curl: Incorrect sizeof() in Rustls Backend Memory Allocation
Summary: There's a bug in lib/vtls/rustls.c where malloc uses sizeof(ciphersuites) instead of sizeof(*ciphersuites). This allocates memory based on pointer size rather than element size. Steps To Reproduce: 1. Look at lib/vtls/rustls.c line 530: const struct rustls_supported_ciphersuite ciphersuites =...
Security update for gstreamer-plugins-rs
This update for gstreamer-plugins-rs fixes the following issues: Update to version 0.12.11 (jsc#PED-13826): CVE-2024-32650: Fixed infinite loop in rustls::conn::ConnectionCommon:complete_io with proper client input (bsc#1223219). Patch Instructions: To install this SUSE update use the SUSE recommended...
SUSE-SU-2025:03629-1 Security update for gstreamer-plugins-rs
This update for gstreamer-plugins-rs fixes the following issues: Update to version 0.12.11 (jsc#PED-13826): - CVE-2024-32650: Fixed infinite loop in rustls::conn::ConnectionCommon:complete_io with proper client input (bsc#1223219)...
EUVD-2019-6524
Malware in sbrugna...
EUVD-2021-1514
Malware in sbrugna...
EUVD-2024-34179
Malicious code in bioql PyPI...
EUVD-2024-1125
Malicious code in bioql PyPI...
Rustls: rustls network-reachable panic in `acceptor::accept`
...
Linux Distros Unpatched Vulnerability : CVE-2024-11738
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Rustls 0.23.13 and related APIs. This vulnerability allows denial of service panic via a fragmented TLS ClientHello message. CVE-2024-11738...
SUSE-SU-2025:02809-1 Security update for rust-keylime
This update for rust-keylime fixes the following issues: - Update to version 0.2.7+141: CVE-2025-58266: shlex: Fixed command injection (bsc#1247193) - Update to version 0.2.7+117: CVE-2023-26964: rust-keylime: hyper,h2: stream stacking when H2 processing HTTP2 RST_STREAM frames (bsc#1210344)...
CVE-2024-58254
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-11738. Reason: This candidate is a duplicate of CVE-2024-11738. Notes: All CVE users should reference CVE-2024-11738 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
CVE-2024-58254
CVE-2024-58254 is rejected/not used; reference CVE-2024-11738 instead.
PT-2025-28032 · Rustls · Rustls
Name of the Vulnerable Software and Affected Versions: rustls versions 0.23.13 through 0.23.17 Description: The issue allows a panic via a fragmented TLS ClientHello when rustls::server::Acceptor::accept is used. Recommendations: For rustls versions 0.23.13 through 0.23.17, update to version...
An ETSI GS QKD Compliant TLS Implementation
A modification of the TLS protocol is presented, using our implementation of the Quantum Key Distribution (QKD) standard ETSI GS QKD 014 v1.1.1. We rely on the Rustls library for this. The TLS protocol is modified while maintaining backward compatibility on the client and server side. We thus wish ...