3305 matches found

Tenable Nessus
added 2023/08/14 12:0 a.m., 36 views

RHEL 9 : rust (RHSA-2023:4634)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4634 advisory. Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. Security...

7.9 CVSS, 7 AI score, 0.05657 EPSS
Exploits 0, References 4
Fedora
added 2023/08/10 12:43 a.m., 38 views

[SECURITY] Fedora 38 Update: rust-1.71.1-1.fc38

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...

7.9 CVSS, 7 AI score, 0.05657 EPSS
Exploits 0
Tenable Nessus
added 2023/08/10 12:0 a.m., 19 views

Fedora 38 : rust (2023-6f2c7aa713)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-6f2c7aa713 advisory. Security fix for CVE-2023-38497. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

7.9 CVSS, 7 AI score, 0.05657 EPSS
Exploits 0, References 2
OpenVAS
added 2023/08/10 12:0 a.m., 17 views

Fedora: Security Advisory for rust (FEDORA-2023-6f2c7aa713)

The remote host is missing an update for the...

7.9 CVSS, 7.3 AI score, 0.05657 EPSS
Exploits 0, References 2
OSV
added 2023/08/04 4:15 p.m., 2 views

AZL-28510 CVE-2023-38497 affecting package rust for versions less than 1.72.0-2

Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local...

7.3 CVSS, 7 AI score, 0.05657 EPSS
Exploits 0, References 1
NVD
added 2023/08/04 4:15 p.m., 23 views

CVE-2023-38497

Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local...

7.9 CVSS, 7.5 AI score, 0.05657 EPSS
Exploits 0, References 8
Prion
added 2023/08/04 4:15 p.m., 22 views

Code injection

Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local...

4.1 CVSS, 6.8 AI score, 0.05657 EPSS
Exploits 0, References 8, Affected Software 2
Cvelist
added 2023/08/04 3:51 p.m., 24 views

CVE-2023-38497 Cargo not respecting umask when extracting crate archives

Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local...

7.9 CVSS, 7.8 AI score, 0.05657 EPSS
Exploits 0, References 8
Debian CVE
added 2023/08/04 3:51 p.m., 22 views

CVE-2023-38497

Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local...

7.9 CVSS, 7 AI score, 0.05657 EPSS
Exploits 0
CVE
added 2023/08/04 3:51 p.m., 323 views

CVE-2023-38497

CVE-2023-38497 concerns Cargo and Rust: older Cargo (pre-0.72.2) bundled with Rust pre-1.71.1 did not respect the umask when extracting crate archives, allowing a local-privilege-like impact where a local user could alter source code being compiled and executed by the current user. The issue is m...

7.9 CVSS, 6.9 AI score, 0.05657 EPSS
Exploits 0, References 8, Affected Software 1
Vulnrichment
added 2023/08/04 3:51 p.m., 15 views

CVE-2023-38497 Cargo not respecting umask when extracting crate archives

Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local...

7.9 CVSS, 6.5 AI score, 0.05657 EPSS
Exploits 0, References 8
AlpineLinux
added 2023/08/04 3:51 p.m., 27 views

CVE-2023-38497

Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local...

7.9 CVSS, 7 AI score, 0.05657 EPSS
Exploits 0
OSV
added 2023/08/04 3:51 p.m., 30 views

CVE-2023-38497 Cargo not respecting umask when extracting crate archives

Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local...

7.9 CVSS, 6.7 AI score, 0.05657 EPSS
Exploits 0, References 10
NVD
added 2023/08/03 3:15 p.m., 9 views

CVE-2023-3766

A vulnerability was discovered in the odoh-rs rust crate that stems from faulty logic during the parsing of encrypted queries. This issue specifically occurs when processing encrypted query data received from remote clients and enables an attacker with knowledge of this vulnerability to craft and...

5.9 CVSS, 5.7 AI score, 0.00646 EPSS
Exploits 0, References 2
UbuntuCve
added 2023/08/03 12:0 p.m., 35 views

CVE-2023-38497

Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local...

7.9 CVSS, 6.9 AI score, 0.05657 EPSS
Exploits 0, References 5
hivepro
added 2023/07/21 8:38 a.m., 31 views

A New Cross-Platform ‘P2PInfect’ Worm Threatening Cloud Environments

Summary: P2PInfect, a new cross-platform worm written in Rust, targets vulnerable Redis instances in cloud environments via the CVE-2022-0543 vulnerability, potentially posing a significant threat to over 307,000...

10 CVSS, 6.8 AI score, 0.94398 EPSS
Exploits 8
The Hacker News
added 2023/07/20 6:12 a.m., 113 views

New P2PInfect Worm Targeting Redis Servers on Linux and Windows Systems

Cybersecurity researchers have uncovered a new cloud-targeting, peer-to-peer (P2P) worm called P2PInfect that targets vulnerable Redis instances for follow-on exploitation. "P2PInfect exploits Redis servers running on both Linux and Windows Operating Systems making it more scalable and potent than...

10 CVSS, 9.1 AI score, 0.94398 EPSS
Exploits 8
Github Security Blog
added 2023/06/30 8:21 p.m., 20 views

atty potential unaligned read

On Windows, atty dereferences a potentially unaligned pointer. In practice, however, the pointer won't be unaligned unless a custom global allocator is used. In particular, the System allocator on Windows uses HeapAlloc, which guarantees a large enough alignment. atty is Unmaintained: A Pull Reques...

7.1 AI score
Exploits 0, References 4, Affected Software 1
OSV
added 2023/06/21 9:30 p.m., 19 views

GHSA-FQHP-RHM6-8RRJ Withdrawn Advisory: urlnorm vulnerable to Regular Expression Denial of Service

Withdrawn Advisory: This advisory has been withdrawn because the security impact of the slow printing of URLs has been disputed. This link is maintained to preserve external references. Original Description: The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDoS)...

7.5 CVSS, 7.4 AI score, 0.00504 EPSS
Exploits 1, References 5
NVD
added 2023/06/21 8:15 p.m., 8 views

CVE-2023-33289

The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDoS) via a crafted URL to lib.rs. NOTE: the Supplier disputes this, taking the position that "Slow printing of URLs is not a CVE."...

7.5 CVSS, 7.4 AI score, 0.00504 EPSS
Exploits 1, References 4