18 matches found
MiracleLinux 8 : rust-toolset:rhel8 (AXSA:2022-3550:02)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3550:02 advisory. rust: Race condition in remove_dir_all leading to removal of files outside of the directory being removed CVE-2022-21658 Tenable has extracted the preceding...
Rocky Linux 8 : rust-toolset:rhel8 (RLSA-2022:1894)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:1894 advisory. - Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG...
topgrade Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all
Summary https://github.com/advisories/GHSA-mc8h-8q98-g5hr https://github.com/XAMPPRocky/remove_dir_all/commit/7247a8b6ee59fc99bbb69ca6b3ca4bfd8c809ead tempfile v0.4.26 ships with affected remove_dir_all v0.5.3 and so blocks my deployment of v12 to openSUSE distribution because it imposes a clean carg...
GHSA-F2WX-XJFW-XJV6 topgrade Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all
Summary https://github.com/advisories/GHSA-mc8h-8q98-g5hr https://github.com/XAMPPRocky/remove_dir_all/commit/7247a8b6ee59fc99bbb69ca6b3ca4bfd8c809ead tempfile v0.4.26 ships with affected remove_dir_all v0.5.3 and so blocks my deployment of v12 to openSUSE distribution because it imposes a clean carg...
GHSA-MC8H-8Q98-G5HR Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all
The remove_dir_all crate is a Rust library that offers additional features over the Rust standard library fs::remove_dir_all function. It suffers the same class of failure as the code it was layering over: TOCTOU race conditions, with the ability to cause arbitrary paths to be deleted by substituting...
Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all
The remove_dir_all crate is a Rust library that offers additional features over the Rust standard library fs::remove_dir_all function. It suffers the same class of failure as the code it was layering over: TOCTOU race conditions, with the ability to cause arbitrary paths to be deleted by substituting...
BuildEAR (=3.1.0), IMAPServer (=0.2.0) +2461 more potentially affected by unknown CVE via remove_dir_all (>=0.3.0 <=0.7.0)
remove_dir_all CARGO version =0.3.0, =0.22.2, =0.1.2, =0.1.1, =0.1.0, =0.2.0, =2.1.0, =2.3.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-MC8H-8Q98-G5HR...
RUSTSEC-2023-0018 Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU)
The remove_dir_all crate is a Rust library that offers additional features over the Rust standard library fs::remove_dir_all function. It was possible to trick a privileged process doing a recursive delete in an attacker controlled directory into deleting privileged files, on all operating systems. F...
BuildEAR (=3.1.0), IMAPServer (=0.2.0) +2461 more potentially affected by unknown CVE via remove_dir_all (>=0.3.0 <=0.7.0)
remove_dir_all CARGO version =0.3.0, =0.22.2, =0.1.2, =0.1.1, =0.1.0, =0.2.0, =2.1.0, =2.3.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2023-0018...
ROS-20220804-01
A vulnerability in the Rust language standard library is related to the race condition in the std::fs::remove_dir_all function. Exploitation of the vulnerability could allow an attacker acting remotely to achieve deletion of arbitrary system files and directories that an attacker would not normally...
rust: Race condition in remove_dir_all leading to removal of files outside of the directory being removed
A race condition flaw was found in Rust's std::fs::remove_dir_all function. Rust applications that use this function may be vulnerable to a race condition where an unprivileged attacker can trick the application into deleting files and directories, causing an impact on system data integrity. If the...
openSUSE: Security Advisory for rust, (openSUSE-SU-2022:0843-1)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Race condition in std::fs::remove_dir_all in rustlang
...
openSUSE: Security Advisory for rust1.56 (openSUSE-SU-2022:0149-1)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE: Security Advisory (SUSE-SU-2022:0171-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DEBIAN-CVE-2022-21658
Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the std::fs::remove_dir_all standard library function is vulnerable to a race condition enabling symlink following (CWE-363). A...
AZL-8337 CVE-2022-21658 affecting package rust for versions less than 1.59.0-1
Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the std::fs::remove_dir_all standard library function is vulnerable to a race condition enabling symlink following (CWE-363). A...
CVE-2022-21658
Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the std::fs::remove_dir_all standard library function is vulnerable to a race condition enabling symlink following (CWE-363). A...