Lucene search
K

239 matches found

Github Security Blog
Github Security Blog
added 2025/07/27 9:32 p.m.7 views

Duplicate Advisory: transpose: Buffer overflow due to integer overflow

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5gmm-6m36-r7jh. This link is maintained to preserve external references. Original Description The transpose crate before 0.2.3 for Rust allows an integer overflow via inputwidth and inputheight arguments...

5.3CVSS7.4AI score0.00291EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2025/07/27 9:15 p.m.2 views

DEBIAN-CVE-2023-53156

The transpose crate before 0.2.3 for Rust allows an integer overflow via inputwidth and inputheight arguments...

5.3CVSS5.3AI score0.00291EPSS
Exploits0References1
OSV
OSV
added 2025/07/27 8:15 p.m.4 views

CVE-2024-58262

The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is removed by LLVM...

5.1CVSS6.2AI score
Exploits0References3
OSV
OSV
added 2025/07/27 8:15 p.m.3 views

DEBIAN-CVE-2024-58262

The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is removed by LLVM...

5.1CVSS5.3AI score0.00152EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2025/07/27 8:15 p.m.6 views

CVE-2024-58262

The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is removed by LLVM...

5.1CVSS5.9AI score0.00152EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/07/27 12:0 a.m.9 views

curve25519-dalek crate 安全漏洞

curve25519-dalek crate is a Rust library from dalek cryptography open source. A security vulnerability exists in curve25519-dalek crate versions prior to 4.1.3, which stems from the possibility of disclosing private keys and other secrets...

5.1CVSS6.4AI score0.00152EPSS
Exploits0References3
CVE
CVE
added 2025/07/27 12:0 a.m.37 views

CVE-2023-53156

The CVE-2023-53156 issue affects the Rust crate transpose prior to version 0.2.3 . The vulnerability is an integer overflow triggered by the input_width and input_height arguments in the affected code path. The impact is described as an overflow condition; no exploitation details are provided in ...

5.3CVSS7.5AI score0.00291EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2025/07/27 12:0 a.m.11 views

CVE-2023-53156

The transpose crate before 0.2.3 for Rust allows an integer overflow via inputwidth and inputheight arguments...

4.5CVSS0.00291EPSS
Exploits0References4
CVE
CVE
added 2025/07/27 12:0 a.m.28 views

CVE-2024-58264

The CVE-2024-58264 entry concerns the Rust crate serde-json-wasm prior to 1.0.1, where deeply nested JSON data can cause stack consumption/overflow. Reported impacts include potential denial of service via stack exhaustion; some sources describe the issue as a stack overflow during recursive JSON...

7.5CVSS7.2AI score0.00362EPSS
Exploits0References3Affected Software1
RustSec
RustSec
added 2025/06/16 12:0 p.m.11 views

Four unique double-free vulnerabilities triggered via safe APIs

The crate slice-ring-buffer was developed as a fork of slice-deque to continue maintenance and provide security patches, since the latter has been officially unmaintained RUSTSEC-2020-0158. While slice-ring-buffer has addressed some previously reported memory safety issues inherited from its fork...

7.9AI score
Exploits0Affected Software1
OSV
OSV
added 2025/06/06 3:30 p.m.3 views

GHSA-JQ8X-V7JW-V675 Duplicate Advisory: users may append `root` to group listings

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-m65q-v92h-cm7q. This link is maintained to preserve external references. Original Description A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group...

7.1CVSS5.7AI score0.00166EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2025/06/06 3:30 p.m.9 views

Duplicate Advisory: users may append `root` to group listings

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-m65q-v92h-cm7q. This link is maintained to preserve external references. Original Description A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group...

7.1CVSS7.3AI score0.00166EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2025/06/06 2:15 p.m.14 views

CVE-2025-5791

A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list...

7.1CVSS0.00166EPSS
Exploits0References6
OSV
OSV
added 2025/06/06 2:15 p.m.6 views

AZL-63771 CVE-2025-5791 affecting package kata-containers-cc 3.15.0.aks0-7

A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list...

7.1CVSS5.7AI score0.00166EPSS
Exploits0References1
OSV
OSV
added 2025/06/06 2:15 p.m.5 views

UBUNTU-CVE-2025-5791

A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list...

7.1CVSS5.8AI score0.00166EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/06/06 1:10 p.m.40 views

CVE-2025-5791 Users: `root` appended to group listings

A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list...

7.1CVSS0.00166EPSS
Exploits0References6
CVE
CVE
added 2025/06/06 1:10 p.m.97 views

CVE-2025-5791

The CVE-2025-5791 entry concerns the Rust users crate with privilege escalation via incorrect group listing when a process has fewer than 1024 groups, which can incorrectly include the root group in the access list. Affected component: the user’s Rust crate (rust-users). Local/exploit path is ind...

7.1CVSS7.1AI score0.00166EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/06/02 12:0 a.m.6 views

Amazon Linux 2023 : librsvg2, librsvg2-devel, librsvg2-tools (ALAS2023-2025-992)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-992 advisory. RUSTSEC-2024-0429 is a vulnerability discovered in the glib Rust crate affecting versions prior to 0.20.0. The issue involves unsoundness in Iterator and DoubleEndedIterator implementations for...

5.5AI score
Exploits0References2
OSV
OSV
added 2025/05/24 3:30 a.m.3 views

GHSA-CM3G-QM4H-XM6M SCSIR has a Potential Unsound Issue in WriteSameCommand

In groupnumber in the scsir crate 0.2.0 for Rust, there can be an overflow because a hardware device may expect a small number of bits e.g., 5 bits for group number...

2.9CVSS7.3AI score0.00276EPSS
Exploits1References4
OSV
OSV
added 2025/05/24 3:15 a.m.4 views

CVE-2025-48755

In the spiral-rs crate 0.2.0 for Rust, allocation can be attempted for a ZST zero-sized type...

9.8CVSS5.8AI score0.00297EPSS
Exploits1References2
Rows per page
Query Builder