50 matches found

OSV
added 2024/12/23 7:26 p.m., 5 views

GHSA-3QX8-RV27-J6GP Undefined behaviour in `kvm_ioctls::ioctls::vm::VmFd::create_device`

An issue was identified in the `VmFd::create_device` function, leading to undefined behavior and miscompilations on rustc 1.82.0 and newer due to the function's violation of Rust's pointer safety rules. The function downcast a mutable reference to its `struct kvm_create_device` argument to an immutabl...

7.3 AI score
Exploits: 0, References: 3
Rockylinux
added 2023/08/24 4:21 a.m., 27 views

rust-toolset:rhel8 security update

An update is available for module.rust, rust. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Rust Toolset provides the Rust programming language compiler rustc,...

7.9 CVSS, 7.2 AI score, 0.00763 EPSS
Exploits: 0
RedHat Linux
added 2023/08/14 2:38 p.m., 31 views

Important: Red Hat Security Advisory: rust-toolset:rhel8 security update

An update for the rust-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for eac...

7.9 CVSS, 6.8 AI score, 0.00763 EPSS
Exploits: 0, References: 2
AlmaLinux
added 2023/08/14 12:0 a.m., 28 views

Important: rust-toolset:rhel8 security update

Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. Security Fixes: rust-cargo: cargo does not respect the umask when extracting dependencies (CVE-2023-38497). For more details about the security issues, including t...

7.9 CVSS, 6.9 AI score, 0.00763 EPSS
Exploits: 0, References: 4
Github Security Blog
added 2022/09/02 10:29 p.m., 22 views

`os_socketaddr` invalidly assumes the memory layout of std::net::SocketAddr

The `os_socketaddr` crate has assumed `std::net::SocketAddrV4` and `std::net::SocketAddrV6` have the same memory layout as the system C representation `sockaddr`. It has simply cast the pointers to convert the socket addresses to the system representation. These layouts were changed into idiomatic rust...

2.4 AI score
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2022/09/02 10:29 p.m., 14 views

GHSA-C439-CHV8-8G2J `os_socketaddr` invalidly assumes the memory layout of std::net::SocketAddr

The `os_socketaddr` crate has assumed `std::net::SocketAddrV4` and `std::net::SocketAddrV6` have the same memory layout as the system C representation `sockaddr`. It has simply cast the pointers to convert the socket addresses to the system representation. These layouts were changed into idiomatic rust...

7.1 AI score
Exploits: 0, References: 5
vulnersOsv
added 2022/06/17 12:18 a.m., 2 views

bencode (>=0.1.1 <=0.1.8), bincode (>=0.0.3 <=0.0.9) +49 more potentially affected by unknown CVE via rustc-serialize (>=0.1.5 <=0.3.22)

rustc-serialize CARGO version =0.1.5, =0.1.1, =0.0.3, =0.1.12, =0.1.2, =0.5.3, =0.5.2, =0.5.1, =0.1.4, =0.1.8, =0.6.41, =0.6.42 - docoptmacros =0.6.42 - email =0.0.9 - envelope =0.1.2 and more Source cves: unknown CVE Source advisory: OSV:GHSA-2226-4V3C-CFF8...

5.8 AI score
Exploits: 0
RedhatCVE
added 2022/05/20 11:2 p.m., 24 views

CVE-2021-32715

hyper is an HTTP library for rust. hyper's HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a Content-Length header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doesn't parse such...

6.5 CVSS, 0.4 AI score, 0.00886 EPSS
Exploits: 1, References: 1
UbuntuCve
added 2022/01/20 11:0 a.m., 111 views

CVE-2022-21658

Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the `std::fs::remove_dir_all` standard library function is vulnerable to a race condition enabling symlink following (CWE-363). A...

7.3 CVSS, 7 AI score, 0.01376 EPSS
Exploits: 1, References: 6
vulnersOsv
added 2022/01/01 12:0 p.m., 3 views

GSL (>=0.4.25 <=0.4.26), IMAPServer (=0.0.0) +4478 more potentially affected by unknown CVE via rustc-serialize (>=0.1.5 <=0.3.25)

rustc-serialize CARGO version =0.1.5, =0.4.25, =0.1.0, =0.1.7, =0.2.0-beta.4, =0.0.6, =0.1.0, =0.2.1, =0.1.4, =0.1.1, =0.3.0 - ace-test-lib =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2022-0004...

5.7 AI score
Exploits: 0
Veracode
added 2021/10/11 5:4 a.m., 32 views

Remote Code Execution (RCE)

rustc:sid is vulnerable to remote code execution. The `Zip` implementation calls `__iterator_get_unchecked` for the same index more than once when nested. This bug can lead to a memory safety violation due to an unmet safety requirement for the `TrustedRandomAccess` trait...

7.5 CVSS, 2.9 AI score, 0.01387 EPSS
Exploits: 0, References: 3, Affected Software: 1
Veracode
added 2021/10/11 5:4 a.m., 31 views

Business Logic Flaws

rustc has a business logic flaw. The vulnerability exists because `__iterator_get_unchecked` is called more than once for the same index when the underlying iterator panics in certain conditions. This bug could lead to a memory safety violation due to an unmet safety requirement for the `TrustedRandomAccess`...

5.3 CVSS, 2.5 AI score, 0.01566 EPSS
Exploits: 1, References: 10, Affected Software: 1
Veracode
added 2021/10/11 5:4 a.m., 27 views

Denial Of Service (DoS)

rustc:sid is vulnerable to denial of service. The Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again...

9.8 CVSS, 3.3 AI score, 0.02412 EPSS
Exploits: 1, References: 10, Affected Software: 1
Veracode
added 2021/10/11 5:4 a.m., 36 views

Business Logic Flaws

rustc has a business logic flaw. The vulnerability exists because `__iterator_get_unchecked` is called more than once for the same index when the underlying iterator panics in certain conditions. This bug could lead to a memory safety violation due to an unmet safety requirement for the `TrustedRandomAccess`...

7.5 CVSS, 2.5 AI score, 0.01997 EPSS
Exploits: 1, References: 10, Affected Software: 1
Veracode
added 2021/10/11 5:4 a.m., 25 views

Denial Of Service (DoS)

rustc:sid is vulnerable to denial of service. `read_to_end` does not validate the return value from `Read` in an unsafe context, causing a buffer overflow...

7.5 CVSS, 3.6 AI score, 0.02122 EPSS
Exploits: 1, References: 4, Affected Software: 1
Veracode
added 2021/10/11 2:2 a.m., 27 views

Denial Of Service (DoS)

rustc:sid is vulnerable to denial of service. The String::retain function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the...

7.5 CVSS, 3.7 AI score, 0.01509 EPSS
Exploits: 1, References: 3, Affected Software: 1
Veracode
added 2021/10/11 2:2 a.m., 24 views

Denial Of Service (DoS)

rustc is vulnerable to denial of service. The vulnerability exists due to use-after-free or double free in `VecDeque::make_contiguous` that pops the same element more than once under certain condition...

9.8 CVSS, 2.6 AI score, 0.01676 EPSS
Exploits: 1, References: 3, Affected Software: 1
OSV
added 2021/08/25 8:55 p.m., 12 views

GHSA-8XW8-MMQV-FRQQ fake-static allows converting any reference into a `'static` reference

fake-static allows converting a reference with any lifetime into a reference with 'static lifetime without the unsafe keyword. Internally, this crate does not use unsafe code, it instead exploits a soundness bug in rustc...

7.1 AI score
Exploits: 0, References: 3
Github Security Blog
added 2021/08/25 8:55 p.m., 16 views

fake-static allows converting any reference into a `'static` reference

fake-static allows converting a reference with any lifetime into a reference with 'static lifetime without the unsafe keyword. Internally, this crate does not use unsafe code, it instead exploits a soundness bug in rustc...

3.3 AI score
Exploits: 0, References: 3, Affected Software: 1
Rockylinux
added 2021/08/10 11:59 a.m., 34 views

rust-toolset:rhel8 security, bug fix, and enhancement update

An update is available for rust-toolset, rust. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Rust Toolset provides the Rust programming language compiler rustc...

9.8 CVSS, 8.7 AI score, 0.0289 EPSS
Exploits: 5