239 matches found
Duplicate Advisory: transpose: Buffer overflow due to integer overflow
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5gmm-6m36-r7jh. This link is maintained to preserve external references. Original Description The transpose crate before 0.2.3 for Rust allows an integer overflow via inputwidth and inputheight arguments...
DEBIAN-CVE-2023-53156
The transpose crate before 0.2.3 for Rust allows an integer overflow via inputwidth and inputheight arguments...
CVE-2024-58262
The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is removed by LLVM...
DEBIAN-CVE-2024-58262
The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is removed by LLVM...
CVE-2024-58262
The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is removed by LLVM...
curve25519-dalek crate 安全漏洞
curve25519-dalek crate is a Rust library from dalek cryptography open source. A security vulnerability exists in curve25519-dalek crate versions prior to 4.1.3, which stems from the possibility of disclosing private keys and other secrets...
CVE-2023-53156
The CVE-2023-53156 issue affects the Rust crate transpose prior to version 0.2.3 . The vulnerability is an integer overflow triggered by the input_width and input_height arguments in the affected code path. The impact is described as an overflow condition; no exploitation details are provided in ...
CVE-2023-53156
The transpose crate before 0.2.3 for Rust allows an integer overflow via inputwidth and inputheight arguments...
CVE-2024-58264
The CVE-2024-58264 entry concerns the Rust crate serde-json-wasm prior to 1.0.1, where deeply nested JSON data can cause stack consumption/overflow. Reported impacts include potential denial of service via stack exhaustion; some sources describe the issue as a stack overflow during recursive JSON...
Four unique double-free vulnerabilities triggered via safe APIs
The crate slice-ring-buffer was developed as a fork of slice-deque to continue maintenance and provide security patches, since the latter has been officially unmaintained RUSTSEC-2020-0158. While slice-ring-buffer has addressed some previously reported memory safety issues inherited from its fork...
GHSA-JQ8X-V7JW-V675 Duplicate Advisory: users may append `root` to group listings
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-m65q-v92h-cm7q. This link is maintained to preserve external references. Original Description A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group...
Duplicate Advisory: users may append `root` to group listings
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-m65q-v92h-cm7q. This link is maintained to preserve external references. Original Description A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group...
CVE-2025-5791
A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list...
AZL-63771 CVE-2025-5791 affecting package kata-containers-cc 3.15.0.aks0-7
A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list...
UBUNTU-CVE-2025-5791
A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list...
CVE-2025-5791 Users: `root` appended to group listings
A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list...
CVE-2025-5791
The CVE-2025-5791 entry concerns the Rust users crate with privilege escalation via incorrect group listing when a process has fewer than 1024 groups, which can incorrectly include the root group in the access list. Affected component: the user’s Rust crate (rust-users). Local/exploit path is ind...
Amazon Linux 2023 : librsvg2, librsvg2-devel, librsvg2-tools (ALAS2023-2025-992)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-992 advisory. RUSTSEC-2024-0429 is a vulnerability discovered in the glib Rust crate affecting versions prior to 0.20.0. The issue involves unsoundness in Iterator and DoubleEndedIterator implementations for...
GHSA-CM3G-QM4H-XM6M SCSIR has a Potential Unsound Issue in WriteSameCommand
In groupnumber in the scsir crate 0.2.0 for Rust, there can be an overflow because a hardware device may expect a small number of bits e.g., 5 bits for group number...
CVE-2025-48755
In the spiral-rs crate 0.2.0 for Rust, allocation can be attempted for a ZST zero-sized type...