9528 matches found
CVE-2026-45792
rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.32.0, RTK Rust Token Killer improperly trusts project-local configuration files. RTK automatically loads .rtk/filters.toml from the working directory with highest priority and without user notification. An...
CVE-2026-45792 RTK improperly trusts project-local filter configuration, allowing silent tampering of command output shown to LLM
rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.32.0, RTK Rust Token Killer improperly trusts project-local configuration files. RTK automatically loads .rtk/filters.toml from the working directory with highest priority and without user notification. An...
Astra Linux – Vulnerability in RustC
In the standard library of Rust before version 1.52.0, a double-free error can occur in the Vec::fromiter function if the process of freeing the element causes a panic...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: rustbinder: Check ownership before using vma. When installing missing pages or zapping them, Rust Binder will look up the vma in the memory management unit by address, and then call vminsertpage or zappagerangesingle. However, if...
Astra Linux – Vulnerability in RustC
In the standard library of Rust before version 1.52.0, the Zip implementation may report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: rustbinder: fixed oneway spam detection The spam detection logic in TreeRange was executed before the current request was inserted into the tree. As a result, the new request wasn’t taken into account in the spam calculation...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: rustbinder: Avoid reading the written value in the offset array. When sending a transaction, its offset array is first copied into the target process’s virtual memory area vma. Then, the values are read back from there. This is...
Astra Linux – Vulnerability in RustC
In the standard library of Rust before version 1.51.0, the Zip implementation calls iteratorgetunchecked more than once for the same index when it’s nested. This bug can lead to a memory safety violation due to a failure to meet the safety requirements of the TrustedRandomAccess trait...
Astra Linux – Vulnerability in RustC
In the standard library of Rust before version 1.19.0, there is a synchronization issue with the MutexGuard object. MutexGuards can be used across threads of any type, which can lead to memory safety issues due to race conditions...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: rustbinder: Properly handles FDA objects of length zero. A bug has been fixed where an empty FDA fd array object with 0 fds would cause an out-of-bounds error. The previous implementation used skip == 0 to indicate “this is a...
Astra Linux – Vulnerability in RustC
In the standard library of Rust before version 1.50.0, readtoend does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow...
Astra Linux – Vulnerability in RustC
In the standard library of Rust before 1.52.0, there was an optimization for joining strings that could cause uninitialized bytes to be exposed or the program to crash if the borrowed string changed after its length was checked...
Astra Linux – Vulnerability in RustC
In the standard library of Rust before version 1.49.0, the String::retain function has a panic security issue. It allows the creation of a non-UTF-8 Rust string when the provided closure panics. This bug could lead to a memory safety violation if other string APIs assume that UTF-8 encoding is us...
Astra Linux – Vulnerability in RustC
In the standard library of Rust before version 1.49.0, VecDeque::makecontiguous has a bug where the same element may be popped more than once under certain conditions. This bug could lead to a use-after-free or double-free situation...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: x86/Kconfig: make CFIAUTODEFAULT dependent on !RUST or Rust = 1.88 Calling core::fmt::write from Rust code while FineIBT is enabled results in a kernel panic: 4614.199779 Kernel BUG at arch/x86/kernel/cet.c:132! 4614.205343...
Astra Linux – Vulnerability in RustC
In the standard library of Rust before 1.52.0, the Zip implementation calls iteratorgetunchecked more than once for the same index under certain conditions when nextback and next are used together. This bug could lead to a memory safety violation due to an unmet safety requirement for the...
Astra Linux – Vulnerability in RustC
In the standard library of Rust before version 1.29.0, there is weak synchronization in the Arc::getmut method. This synchronization issue can lead to memory safety issues due to race conditions...
Astra Linux – Vulnerability in RustC
In the standard library of Rust before version 1.52.0, the Zip implementation has a panic safety issue. It calls iteratorgetunchecked more than once for the same index when the underlying iterator panics under certain conditions. This bug could lead to a memory safety violation due to an unmet...
Astra Linux – Vulnerabilities in Firefox, Thunderbird, Rust-Regex
Regex is an implementation of regular expressions for the Rust language. The regex crate includes built-in measures to prevent denial-of-service attacks caused by untrusted regexes or untrusted inputs matched by trusted regexes. These measures already provide reasonable defaults to prevent attack...
Astra Linux – Vulnerability in RustC
Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the std::fs::removedirall standard library function is vulnerable due to a race condition that enables symlink creation...