50 matches found

AstraLinux
added 2026/05/20 5:53 a.m. · 3 views

Astra Linux - vulnerability in rustc

The library/std/src/net/parser.rs file in Rust before version 1.53.0 does not properly handle zero characters at the beginning of an IP address string. In some cases, this allows attackers to bypass access controls based on IP addresses due to incorrect octal interpretation of those zero characte...

9.1 CVSS · 7.3 AI score · 0.00343 EPSS
Exploits 1 · References 2

RedhatCVE
added 2026/04/29 8:48 p.m. · 1 views

CVE-2026-42427

OpenClaw before 2026.4.8 contains a remote code execution vulnerability caused by missing environment variable denylist entries for HGRCPATH, CARGO_BUILD_RUSTC_WRAPPER, RUSTC_WRAPPER, and MAKEFLAGS. Attackers can inject malicious build tool environment variables to influence host exec commands and...

5.8 CVSS · 6.5 AI score · 0.00036 EPSS
Exploits 0 · References 1

Positive Technologies
added 2026/04/28 12:0 a.m. · 1 views

PT-2026-35805

OpenClaw before 2026.4.8 contains a remote code execution vulnerability caused by missing environment variable denylist entries for HGRCPATH, CARGO_BUILD_RUSTC_WRAPPER, RUSTC_WRAPPER, and MAKEFLAGS. Attackers can inject malicious build tool environment variables to influence host exec commands an...

5.8 CVSS · 6.6 AI score · 0.00036 EPSS
Exploits 0 · References 6

OpenVAS
added 2026/04/15 12:0 a.m. · 3 views

Ubuntu: Security Advisory (USN-8168-2)

The remote host is missing an update for the...

6.5 CVSS · 5.8 AI score · 0.00019 EPSS
Exploits 1 · References 2

OSV
added 2026/04/14 6:1 p.m. · 1 views

USN-8168-2 rustc, rustc-1.76, rustc-1.77, rustc-1.78, rustc-1.79, rustc-1.80 vulnerability

USN-8168-1 fixed a vulnerability in Rust. This update provides the corresponding update to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that tar-rs embedded in rustc incorrectly handled symlinks when unpacking a tar archiv...

6.5 CVSS · 6 AI score · 0.00019 EPSS
Exploits 1 · References 2

OpenVAS
added 2026/04/14 12:0 a.m. · 2 views

Ubuntu: Security Advisory (USN-8168-1)

The remote host is missing an update for the...

6.5 CVSS · 5.8 AI score · 0.00019 EPSS
Exploits 1 · References 2

Tenable Nessus
added 2026/04/14 12:0 a.m. · 2 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : Rust vulnerability (USN-8168-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8168-1 advisory. It was discovered that tar-rs embedded in rustc incorrectly handled symlinks when unpacking a tar archive. If a user or automated system were...

6.5 CVSS · 6 AI score · 0.00019 EPSS
Exploits 1 · References 2

OSV
added 2026/04/13 12:35 p.m. · 2 views

USN-8168-1 rustc vulnerability

It was discovered that tar-rs embedded in rustc incorrectly handled symlinks when unpacking a tar archive. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could use this issue to modify permissions of arbitrary directories outside the...

6.5 CVSS · 6 AI score · 0.00019 EPSS
Exploits 1 · References 2

OSV
added 2026/04/09 2:22 p.m. · 0 views

GHSA-7437-7HG8-FRRW OpenClaw: HGRCPATH, CARGO_BUILD_RUSTC_WRAPPER, RUSTC_WRAPPER, and MAKEFLAGS missing from exec env denylist — RCE via build tool env injection (GHSA-cm8v-2vh9-cxf3 class)

Impact: HGRCPATH, CARGO_BUILD_RUSTC_WRAPPER, RUSTC_WRAPPER, and MAKEFLAGS missing from exec env denylist — RCE via build tool env injection (GHSA-cm8v-2vh9-cxf3 class). Missing denylist entries allowed hostile build-tool environment variables to influence host exec commands. OpenClaw is a user-controlle...

8.6 CVSS · 5.8 AI score · 0.00036 EPSS
Exploits 0 · References 3

Snyk
added 2026/04/09 2:22 p.m. · 2 views

Incomplete List of Disallowed Inputs

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the handling of environment variables in the exec env denylist. An attacker can execute arbitrary commands by injecting malicious values into...

8.6 CVSS · 6 AI score · 0.00036 EPSS
Exploits 0 · References 3

UbuntuCve
added 2025/10/01 5:15 p.m. · 1 views

CVE-2025-11233

Starting from Rust 1.87.0 and before Rust 1.89.0, the tier 3 Cygwin target x86_64-pc-cygwin didn't correctly handle path separators, causing the standard library's Path API to ignore path components separated by backslashes. Due to this, programs compiled for Cygwin that validate paths could...

6.3 CVSS · 5.9 AI score · 0.00166 EPSS
Exploits 0 · References 3

OSV
added 2025/09/05 12:0 p.m. · 2 views

RUSTSEC-2025-0057 fxhash - no longer maintained

The fxhash crate is no longer maintained. The repository is stale and owner is no longer active on GitHub. Please take a look at rustc-hash instead...

7 AI score
Exploits 0 · References 3

RustSec
added 2025/09/05 12:0 p.m. · 3 views

fxhash - no longer maintained

The fxhash crate is no longer maintained. The repository is stale and owner is no longer active on GitHub. Please take a look at rustc-hash instead...

7 AI score
Exploits 0

vulnersOsv
added 2025/04/28 12:0 p.m. · 0 views

GSL (>=0.4.25 <=0.4.26), IMAPServer (=0.0.0) +4478 more potentially affected by unknown CVE via rustc-serialize (>=0.1.5 <=0.3.25)

rustc-serialize CARGO version =0.1.5, =0.4.25, =0.1.0, =0.1.7, =0.2.0-beta.4, =0.0.6, =0.1.0, =0.2.1, =0.1.4, =0.1.1, =0.3.0 - ace-test-lib =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0025...

5.8 AI score
Exploits 0

OSV
added 2025/04/28 12:0 p.m. · 6 views

RUSTSEC-2025-0025 rustc-serialize is unmaintained

rustc-serialize will no longer be maintained as declared by the developer. By fuzzing the package, we can identify multiple vulnerabilities. The project has been archived and cannot submit issues. The developer has recommended using the serde crate instead...

7.2 AI score
Exploits 0 · References 3

RustSec
added 2025/04/28 12:0 p.m. · 3 views

rustc-serialize is unmaintained

rustc-serialize will no longer be maintained as declared by the developer. By fuzzing the package, we can identify multiple vulnerabilities. The project has been archived and cannot submit issues. The developer has recommended using the serde crate instead...

7.2 AI score
Exploits 0

Positive Technologies
added 2025/04/28 12:0 a.m. · 2 views

PT-2025-19690 · Crates.Io · Rustc-Serialize

rustc-serialize will no longer be maintained as declared by the developer. By fuzzing the package, we can identify multiple vulnerabilities. The project has been archived and cannot submit issues. The developer has recommended using the serde crate instead...

7.3 AI score
Exploits 0 · References 4

RustSec
added 2025/02/10 12:0 p.m. · 8 views

cve-rs introduces memory vulnerabilities in safe Rust

This crate is a joke and should never be used. cve-rs provides demonstrations of common memory vulnerabilities such as buffer overflows and segfaults implemented completely within safe Rust. Internally, this crate does not use unsafe code, it instead exploits a soundness bug in rustc:...

7.4 AI score
Exploits 0

Positive Technologies
added 2025/02/10 12:0 a.m. · 1 views

PT-2025-19818 · Crates.Io · Totally-Safe

totally-safe provides unsound APIs that exploit a soundness bug in rustc: https://github.com/rust-lang/rust/issues/25860...

7.2 AI score
Exploits 0 · References 4

OSV
added 2024/12/23 7:26 p.m. · 2 views

GHSA-3QX8-RV27-J6GP Undefined behaviour in `kvm_ioctls::ioctls::vm::VmFd::create_device`

An issue was identified in the VmFd::create_device function, leading to undefined behavior and miscompilations on rustc 1.82.0 and newer due to the function's violation of Rust's pointer safety rules. The function downcasted a mutable reference to its struct kvm_create_device argument to an immutabl...

7.3 AI score
Exploits 0 · References 3