[SECURITY] Fedora 42 Update: maturin-1.9.6-4.fc42
Build and publish crates with pyo3, rust-cpython and cffi bindings as well as rust binaries as python packages...
[SECURITY] Fedora 43 Update: maturin-1.9.6-5.fc43
Build and publish crates with pyo3, rust-cpython and cffi bindings as well as rust binaries as python packages...
[SECURITY] Fedora 44 Update: maturin-1.9.6-5.fc44
Build and publish crates with pyo3, rust-cpython and cffi bindings as well as rust binaries as python packages...
[SECURITY] Fedora 43 Update: rust-pythonize-0.27.0-1.fc43
Serde Serializer & Deserializer from Rust Python, backed by PyO3...
[SECURITY] Fedora 42 Update: maturin-1.9.6-3.fc42
Build and publish crates with pyo3, rust-cpython and cffi bindings as well as rust binaries as python packages...
[SECURITY] Fedora 43 Update: maturin-1.9.6-4.fc43
Build and publish crates with pyo3, rust-cpython and cffi bindings as well as rust binaries as python packages...
EUVD-2021-1519
Malware in sbrugna...
EUVD-2024-2969
Malicious code in bioql PyPI...
[SECURITY] Fedora 43 Update: maturin-1.8.7-2.fc43
Build and publish crates with pyo3, rust-cpython and cffi bindings as well as rust binaries as python packages...
[SECURITY] Fedora 41 Update: maturin-1.8.7-2.fc41
Build and publish crates with pyo3, rust-cpython and cffi bindings as well as rust binaries as python packages...
[SECURITY] Fedora 42 Update: maturin-1.8.7-2.fc42
Build and publish crates with pyo3, rust-cpython and cffi bindings as well as rust binaries as python packages...
Linux Distros Unpatched Vulnerability : CVE-2024-9979
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in PyO3. This vulnerability causes a use-after-free issue, potentially leading to memory corruption or crashes via unsound borrowing from weak...
CVE-2020-35917
An issue was discovered in the pyo3 crate before 0.12.4 for Rust. There is a reference-counting error and use-after-free in From...
GHSA-PPH8-GCV7-4QJ5 PyO3 Risk of buffer overflow in `PyString::from_object`
`PyString::from_object` took &str arguments and forwarded them directly to the Python C API without checking for terminating nul bytes. This could lead the Python interpreter to read beyond the end of the &str data and potentially leak contents of the out-of-bounds read by raising a Python exception...
RuStream (>=0.0.1 <=0.0.2), abd-clam (>=0.23.1 <=0.25.3) +240 more potentially affected by unknown CVE via pyo3 (>=0.1.0 <=0.23.5)
pyo3 CARGO version =0.1.0, =0.0.1, =0.23.1, =0.12.2, =0.2.1, =48.0.0, =0.1.0, =0.3.3, =0.0.1-a1, =0.0.1-a1, =0.1.0, =0.2.37, =1.0.0-beta.4 - bilbyrust =0.1.0 - bitbazaar =0.0.2 and more Source cves: unknown CVE Source advisory: OSV:GHSA-PPH8-GCV7-4QJ5...
PyO3 Risk of buffer overflow in `PyString::from_object`
`PyString::from_object` took &str arguments and forwarded them directly to the Python C API without checking for terminating nul bytes. This could lead the Python interpreter to read beyond the end of the &str data and potentially leak contents of the out-of-bounds read by raising a Python exception...
RuStream (>=0.0.1 <=0.0.2), RustPyNet (>=0.1.0 <=0.1.3) +586 more potentially affected by unknown CVE via pyo3 (>=0.10.1 <=0.23.5)
pyo3 CARGO version =0.10.1, =0.0.1, =0.1.0, =0.21.8, =0.8.0, =0.12.0, =0.2.1, =0.3.0, =0.1.0, =0.1.0, =0.1.0, =0.0.1, =0.0.1, =0.0.1, =0.0.14 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0020...
RUSTSEC-2025-0020 Risk of buffer overflow in `PyString::from_object`
`PyString::from_object` took &str arguments and forwarded them directly to the Python C API without checking for terminating nul bytes. This could lead the Python interpreter to read beyond the end of the &str data and potentially leak contents of the out-of-bounds read by raising a Python exception...
GHSA-VXCF-C7MX-PG53 Build corruption when using `PYO3_CONFIG_FILE` environment variable
In PyO3 0.23.0 the `PYO3_CONFIG_FILE` environment variable used to configure builds regressed such that changing the environment variable would no longer trigger PyO3 to reconfigure and recompile. In combination with workflows using tools such as maturin to build for multiple versions in a single...
Build corruption when using `PYO3_CONFIG_FILE` environment variable
In PyO3 0.23.0 the `PYO3_CONFIG_FILE` environment variable used to configure builds regressed such that changing the environment variable would no longer trigger PyO3 to reconfigure and recompile. In combination with workflows using tools such as maturin to build for multiple versions in a single...