9525 matches found

Cvelist
added 2026/05/05 7:49 a.m., 38 views

CVE-2026-43868 Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern

Memory Allocation with Excessive Size Value vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

0.00376 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2026/05/05 7:49 a.m., 2 views

CVE-2026-43868 Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern

Memory Allocation with Excessive Size Value vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

6.7 AI score, 0.06779 EPSS
Exploits: 0, References: 1
CVE
added 2026/05/05 7:49 a.m., 22 views

CVE-2026-43868

CVE-2026-43868 affects Apache Thrift prior to 0.23.0, where a memory-allocation vulnerability is triggered by excessive size values in RPC messages, potentially enabling a denial of service. The issue is mitigated by upgrading to Thrift 0.23.0 or later. The provided sources confirm the affected v...

5.3 CVSS, 6.7 AI score, 0.00376 EPSS
Exploits: 0, References: 1, Affected Software: 1
Fedora
added 2026/05/05 12:55 a.m., 6 views

[SECURITY] Fedora 44 Update: rust-sequoia-git-0.6.0-1.fc44

A tool for managing and enforcing a commit signing policy...

5.8 AI score
Exploits: 0
Tenable Nessus
added 2026/05/05 12:0 a.m., 2 views

Fedora 43 : rust-sequoia-git (2026-95ac9001e8)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-95ac9001e8 advisory. Update to version 0.6.0. Addresses RUSTSEC-2026-0109. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

5.8 AI score
Exploits: 0, References: 1
Tenable Nessus
added 2026/05/05 12:0 a.m., 3 views

Fedora 44 : rust-sequoia-git (2026-0a72408e1b)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-0a72408e1b advisory. Update to version 0.6.0. Addresses RUSTSEC-2026-0109. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

5.8 AI score
Exploits: 0, References: 1
Tenable Nessus
added 2026/05/05 12:0 a.m., 4 views

Fedora 42 : rust-sequoia-git (2026-6f64d2e143)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-6f64d2e143 advisory. Update to version 0.6.0. Addresses RUSTSEC-2026-0109. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

5.8 AI score
Exploits: 0, References: 1
The Hacker News
added 2026/05/04 11:57 a.m., 8 views

Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia

The China-based cybercrime group known as Silver Fox aka Monarch, SwimSnake, The Great Thief of Valley, UTG-Q-1000, and Void Arachne has been linked to a new campaign targeting organizations in Russia and India with a new malware called ABCDoor. The activity involved using phishing emails that...

6.2 AI score
Exploits: 0
AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: rust_binder: Properly handles FDA objects of length zero. A bug has been fixed where an empty FDA fd array object with 0 fds could cause an out-of-bounds error. The previous implementation used skip == 0 to indicate “this is a...

7.8 CVSS, 5.6 AI score, 0.00112 EPSS
Exploits: 0, References: 1
AstraLinux
added 2026/05/03 11:59 p.m., 5 views

Astra Linux – Vulnerability in RustC

In the standard library of Rust before version 1.49.0, the String::retain function has a panic safety issue. It allows the creation of a non-UTF-8 Rust string when the provided closure panics. This bug could lead to a memory safety violation if other string APIs assume that UTF-8 encoding is us...

7.5 CVSS, 7.4 AI score, 0.01509 EPSS
Exploits: 1, References: 1
AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: x86/Kconfig: make CFI_AUTO_DEFAULT dependent on !RUST or Rust >= 1.88. Calling core::fmt::write from Rust code while FineIBT is enabled results in a kernel panic: 4614.199779 Kernel BUG at arch/x86/kernel/cet.c:132! 4614.205343...

5.5 CVSS, 6.3 AI score, 0.00154 EPSS
Exploits: 0, References: 2
AstraLinux
added 2026/05/03 11:59 p.m., 6 views

Astra Linux - Vulnerability in rustc

In the standard library in Rust before 1.19.0, there is a synchronization problem in the MutexGuard object. MutexGuards can be used across threads with any types, allowing for memory safety issues through race conditions...

5.9 CVSS, 7.3 AI score, 0.00799 EPSS
Exploits: 0, References: 1
AstraLinux
added 2026/05/03 11:59 p.m., 2 views

Astra Linux - Vulnerability in rustc

In the standard library of Rust before version 1.2.0, BinaryHeap is not panic-safe. The binary heap is left in an inconsistent state when the comparison of generic elements within sift_up or sift_down_range causes a panic. This bug results in a drop of zeroed memory as an arbitrary type, which c...

7.5 CVSS, 7.2 AI score, 0.01324 EPSS
Exploits: 1, References: 1
AstraLinux
added 2026/05/03 11:59 p.m., 1 view

Astra Linux – Vulnerability in RustC

In the standard library of Rust before version 1.50.0, read_to_end does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow...

7.5 CVSS, 8 AI score, 0.0214 EPSS
Exploits: 1, References: 1
AstraLinux
added 2026/05/03 11:59 p.m., 1 view

Astra Linux – Vulnerability in RustC

In the standard library of Rust before 1.52.0, there was an optimization for joining strings that could cause uninitialized bytes to be exposed or the program to crash if the borrowed string changed after its length was checked...

8.2 CVSS, 7.6 AI score, 0.02041 EPSS
Exploits: 0, References: 1
AstraLinux
added 2026/05/03 11:59 p.m., 2 views

Astra Linux – Vulnerability in RustC

In the standard library of Rust before version 1.52.0, a double-free error can occur in the Vec::from_iter function if the process of freeing the element causes a panic...

9.8 CVSS, 8.2 AI score, 0.02914 EPSS
Exploits: 1, References: 1
AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux – Vulnerabilities in Firefox, Thunderbird, Rust-Regex

Regex is an implementation of regular expressions for the Rust language. The regex crate includes built-in measures to prevent denial-of-service attacks caused by untrusted regexes or untrusted inputs matched by trusted regexes. These measures already provide reasonable defaults to prevent attack...

7.5 CVSS, 6.2 AI score, 0.1446 EPSS
Exploits: 1, References: 2
AstraLinux
added 2026/05/03 11:59 p.m., 2 views

Astra Linux – Vulnerability in RustC

In the standard library of Rust before version 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked more than once for the same index when the underlying iterator panics under certain conditions. This bug could lead to a memory safety violation due to an unmet...

5.3 CVSS, 7.1 AI score, 0.01579 EPSS
Exploits: 1, References: 1
AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux - Vulnerability in rustc

In the standard library in Rust before 1.29.0, there is weak synchronization in the Arc::get_mut method. This synchronization issue can lead to memory safety issues through race conditions...

5.9 CVSS, 7.3 AI score, 0.01054 EPSS
Exploits: 0, References: 1
AstraLinux
added 2026/05/03 11:59 p.m., 2 views

Astra Linux – Vulnerability in RustC

In the standard library of Rust before version 1.51.0, the Zip implementation calls __iterator_get_unchecked more than once for the same index when it’s nested. This bug can lead to a memory safety violation due to a failure to meet the safety requirements of the TrustedRandomAccess trait...

7.5 CVSS, 7.4 AI score, 0.01399 EPSS
Exploits: 0, References: 1