3305 matches found
CVE-2024-44073
The Miniscript aka rust-miniscript library before 12.2.0 for Rust allows stack consumption because it does not properly track tree depth...
CBL Mariner 2.0 Security Update: rust (CVE-2024-32884)
The version of rust installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-32884 advisory. - gitoxide is a pure Rust implementation of Git. gix-transport does not check the username part of a URL for tex...
CBL Mariner 2.0 Security Update: libcxx / llvm / rust (CVE-2024-31852)
The version of libcxx / llvm / rust installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-31852 advisory. - LLVM before 18.1.3 generates code in which the LR register can be overwritten without data bei...
OPENSUSE-SU-2024:0254-2 Security update for chromium, gn, rust-bindgen
This update for chromium, gn, rust-bindgen fixes the following issues: - Chromium 127.0.6533.119 (boo#1228941): CVE-2024-7532: Out of bounds memory access in ANGLE; CVE-2024-7533: Use after free in Sharing; CVE-2024-7550: Type Confusion in V8; CVE-2024-7534: Heap buffer overflow in Layout; CVE-2024-7535:...
CVE-2024-43367 Boa has an uncaught exception when transitioning the state of `AsyncGenerator` objects
Boa is an embeddable and experimental JavaScript engine written in Rust. Starting in version 0.16 and prior to version 0.19.0, a wrong assumption made when handling ECMAScript's AsyncGenerator operations can cause an uncaught exception on certain scripts. Boa's implementation of AsyncGenerator...
Russh has an OOM Denial of Service due to allocation of untrusted amount
Summary: Allocating an untrusted amount of memory allows any unauthenticated user to OOM a russh server. Details: An SSH packet consists of a 4-byte big-endian length, followed by a byte stream of this length. After parsing and potentially decrypting the 4-byte length, russh allocates enough memory...
CVE-2024-41949
biscuit-rust is the Rust implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the...
Photon OS 5.0: Rust PHSA-2023-5.0-0177
An update of the rust package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-5.0-0177. The text itself is copyright (C) VMware, Inc. ...
Photon OS 3.0: Rust PHSA-2022-3.0-0358
An update of the rust package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2022-3.0-0358. The text itself is copyright (C) VMware, Inc. ...
Photon OS 4.0: Rust PHSA-2021-4.0-0019
An update of the rust package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-4.0-0019. The text itself is copyright (C) VMware, Inc. ...
Photon OS 4.0: Rust PHSA-2021-4.0-0085
An update of the rust package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-4.0-0085. The text itself is copyright (C) VMware, Inc. ...
CVE-2024-40648 `UserIdentity::is_verified` not checking verification status of own user identity while performing the check in matrix-rust-sdk
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. The `UserIdentity::is_verified` method in the matrix-sdk-crypto crate before version 0.7.2 doesn't take into account the verification status of the user's own identity while performing the check and may as a result retur...
CVE-2024-40648
CVE-2024-40648 affects matrix-rust-sdk via matrix-sdk-crypto: the UserIdentity::is_verified() check in versions before 0.7.2 does not consider the user’s own verification status, potentially yielding a value that contradicts its name. The flaw is not used inside matrix-sdk-crypto itself, and the ...
CVE-2024-40640
vodozemac is an open source implementation of Olm and Megolm in pure Rust. Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and PkDecryption Ed25519 secret keys. This flaw might allow an attacker to infer some...
CVE-2024-40640 Usage of non-constant time base64 decoder could lead to leakage of secret key material in vodozemac
vodozemac is an open source implementation of Olm and Megolm in pure Rust. Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and PkDecryption Ed25519 secret keys. This flaw might allow an attacker to infer some...
CBL Mariner 2.0 Security Update: libgit2 / rust (CVE-2023-22742)
The version of libgit2 / rust installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-22742 advisory. - libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with t...