50 matches found
GHSA-3QX8-RV27-J6GP Undefined behaviour in `kvm_ioctls::ioctls::vm::VmFd::create_device`
An issue was identified in the VmFd::create_device function, leading to undefined behavior and miscompilations on rustc 1.82.0 and newer due to the function's violation of Rust's pointer safety rules. The function downcasted a mutable reference to its struct kvm_create_device argument to an immutabl...
rust-toolset:rhel8 security update
An update is available for module.rust, rust. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Rust Toolset provides the Rust programming language compiler rustc,...
Important: Red Hat Security Advisory: rust-toolset:rhel8 security update
An update for the rust-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for eac...
Important: rust-toolset:rhel8 security update
Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. Security Fixes: rust-cargo: cargo does not respect the umask when extracting dependencies (CVE-2023-38497). For more details about the security issues, including t...
`os_socketaddr` invalidly assumes the memory layout of std::net::SocketAddr
The os_socketaddr crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply cast the pointers to convert the socket addresses to the system representation. These layouts were changed into idiomatic rust...
GHSA-C439-CHV8-8G2J `os_socketaddr` invalidly assumes the memory layout of std::net::SocketAddr
The os_socketaddr crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply cast the pointers to convert the socket addresses to the system representation. These layouts were changed into idiomatic rust...
bencode (>=0.1.1 <=0.1.8), bincode (>=0.0.3 <=0.0.9) +49 more potentially affected by unknown CVE via rustc-serialize (>=0.1.5 <=0.3.22)
rustc-serialize CARGO version =0.1.5, =0.1.1, =0.0.3, =0.1.12, =0.1.2, =0.5.3, =0.5.2, =0.5.1, =0.1.4, =0.1.8, =0.6.41, =0.6.42 - docopt_macros =0.6.42 - email =0.0.9 - envelope =0.1.2 and more Source cves: unknown CVE Source advisory: OSV:GHSA-2226-4V3C-CFF8...
CVE-2021-32715
hyper is an HTTP library for rust. hyper's HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a Content-Length header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doesn't parse such...
CVE-2022-21658
Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the std::fs::remove_dir_all standard library function is vulnerable to a race condition enabling symlink following (CWE-363). A...
GSL (>=0.4.25 <=0.4.26), IMAPServer (=0.0.0) +4478 more potentially affected by unknown CVE via rustc-serialize (>=0.1.5 <=0.3.25)
rustc-serialize CARGO version =0.1.5, =0.4.25, =0.1.0, =0.1.7, =0.2.0-beta.4, =0.0.6, =0.1.0, =0.2.1, =0.1.4, =0.1.1, =0.3.0 - ace-test-lib =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2022-0004...
Remote Code Execution (RCE)
rustc:sid is vulnerable to remote code execution. The Zip implementation calls __iterator_get_unchecked for the same index more than once when nested. This bug can lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait...
Business Logic Flaws
rustc has a business logic flaw. The vulnerability exists due to __iterator_get_unchecked being called more than once for the same index when the underlying iterator panics in certain conditions. This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess...
Denial Of Service (DoS)
rustc:sid is vulnerable to denial of service. The Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again...
Business Logic Flaws
rustc has a business logic flaw. The vulnerability exists due to __iterator_get_unchecked being called more than once for the same index when the underlying iterator panics in certain conditions. This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess...
Denial Of Service (DoS)
rustc:sid is vulnerable to denial of service. read_to_end does not validate the return value from Read in an unsafe context, causing a buffer overflow...
Denial Of Service (DoS)
rustc:sid is vulnerable to denial of service. The String::retain function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the...
Denial Of Service (DoS)
rustc is vulnerable to denial of service. The vulnerability exists due to use-after-free or double free in VecDeque::make_contiguous that pops the same element more than once under certain condition...
GHSA-8XW8-MMQV-FRQQ fake-static allows converting any reference into a `'static` reference
fake-static allows converting a reference with any lifetime into a reference with 'static lifetime without the unsafe keyword. Internally, this crate does not use unsafe code, it instead exploits a soundness bug in rustc...
fake-static allows converting any reference into a `'static` reference
fake-static allows converting a reference with any lifetime into a reference with 'static lifetime without the unsafe keyword. Internally, this crate does not use unsafe code, it instead exploits a soundness bug in rustc...
rust-toolset:rhel8 security, bug fix, and enhancement update
An update is available for rust-toolset, rust. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Rust Toolset provides the Rust programming language compiler rustc...