GetPDB (>=0.1.0 <=1.0.1), IMAPServer (=0.1.0) +3366 more potentially affected by unknown CVE via tokio-io (>=0.1.13 <=0.2.0-alpha.6)

tokio-io CARGO version =0.1.13, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.5.3, =0.2.1, =0.1.1, =0.1.0, =0.1.0, =0.1.0, =0.9.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0058...

GetPDB (>=0.1.0 <=1.0.1), IMAPServer (=0.1.0) +3185 more potentially affected by unknown CVE via tokio-sync (>=0.1.8 <=0.2.0-alpha.6)

tokio-sync CARGO version =0.1.8, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.5.3, =0.2.1, =0.1.0, =0.1.0, =0.1.0, =0.9.1 - acme-lib-load-order =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0052...

NeteaseCloudMusicRustApi (=0.1.1), RustMusic (=0.1.0) +487 more potentially affected by unknown CVE via tokio-signal (>=0.1.5 <=0.3.0-alpha.1)

tokio-signal CARGO version =0.1.5, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.3.0, =0.1.0, =0.1.0, =0.1.0, =0.2.5 - actix-identity =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0065...

DEBIAN-CVE-2026-33056

tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpackdir function uses fs::metadata to check whether a path that already exists is a directory. Because fs::metadata follows symbolic links, a crafted tarball...

CVE-2026-33055

tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size headers in the...

DEBIAN-CVE-2026-33055

tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size headers in the...

CVE-2026-33056

tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpackdir function uses fs::metadata to check whether a path that already exists is a directory. Because fs::metadata follows symbolic links, a crafted tarball...

CVE-2026-33055 tar-rs incorrectly ignores PAX size headers if header size is nonzero

tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size headers in the...

CVE-2026-33055

tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size headers in the...

CVE-2026-33055 tar-rs incorrectly ignores PAX size headers if header size is nonzero

tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size headers in the...

CVE-2026-33055

CVE-2026-33055 affects the tar-rs crate (Rust tar library) version 0.4.44 and below, where conditional logic incorrectly skipped the PAX size header when the base header size was nonzero. This contrasts with other parsers that use the PAX size override, potentially causing archives to appear diff...

CVE-2026-33055

tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size headers in the...

CVE-2026-33040

libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.49.3, the Gossipsub implementation accepts attacker-controlled PRUNE backoff values and may perform unchecked time arithmetic when storing backoff state. A specially crafted PRUNE contr...

CVE-2026-33040 libp2p-rust: Gossipsub PRUNE.backoff Duration Overflow

libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.49.3, the Gossipsub implementation accepts attacker-controlled PRUNE backoff values and may perform unchecked time arithmetic when storing backoff state. A specially crafted PRUNE contr...

CVE-2026-33040

The CVE concerns libp2p-rust Gossipsub: prior to version 0.49.3, the Gossipsub backoff handling accepts attacker-controlled PRUNE backoff values, enabling unchecked time arithmetic that can overflow when updating backoff state. A crafted PRUNE message with a very large backoff (e.g., u64::MAX) ca...

CVE-2026-32829

lz4flex is a pure Rust implementation of LZ4 compression/decompression. In versions 0.11.5 and below, and 0.12.0, decompressing invalid LZ4 data can leak sensitive information from uninitialized memory or from previous decompression operations. The library fails to properly validate offset values...

UBUNTU-CVE-2026-32829

lz4flex is a pure Rust implementation of LZ4 compression/decompression. In versions 0.11.5 and below, and 0.12.0, decompressing invalid LZ4 data can leak sensitive information from uninitialized memory or from previous decompression operations. The library fails to properly validate offset values...

PT-2026-26570

tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size headers in the...

CVE-2026-33055

tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size headers in the...

rust-libp2p 输入验证错误漏洞

rust-libp2p is a Rust implementation of the libp2p open-source network stack. Prior to version 0.49.3, rust-libp2p had a vulnerability related to input validation errors. This vulnerability stemmed from the Gossipsub implementation accepting PRUNE evolutions controlled by attackers and potentiall...