15 matches found

CVE, added 2024/04/10 3:22 p.m., 397 views

CVE-2024-3566

Technical details about CVE-2024-3566 are not provided in the connected documents. The initial description notes a command injection risk, but no affected products, versions, impact, or fixes are specified here. Monitor for updated technical disclosures.

CVSS 9.8, AI score 9.6, EPSS 0.06883

CVE, added 2021/04/11 7:6 p.m., 198 views

CVE-2015-20001

In Rust prior to 1.2.0, the standard library’s BinaryHeap is not panic-safe. If the comparison of generic elements inside sift_up or sift_down_range panics, the heap can be left in an inconsistent state, leading to dropping zeroed memory of an arbitrary type and a memory-safety violation. This CV...

CVSS 7.5, AI score 7.6, EPSS 0.01324

CVE, added 2021/08/07 12:0 a.m., 195 views

CVE-2021-29922

The CVE-2021-29922 issue affects Rust's standard library, specifically library/std/src/net/parser.rs, where extraneous zero characters at the beginning of an IP address string can lead to octal interpretation and bypasses of IP-based access controls. The vulnerability is present in Rust before 1....

CVSS 9.1, AI score 9, EPSS 0.02623

CVE, added 2024/04/09 5:28 p.m., 185 views

CVE-2024-24576

CVE-2024-24576 affects Rust’s standard library on Windows where Command::arg/args escaping for batch files was not thorough enough. This could allow arbitrary shell commands when untrusted input is passed to batch file invocations via cmd.exe, enabling LPE/RCE scenarios as described in PoC and pu...

CVSS 10, AI score 8.9, EPSS 0.20342

CVE, added 2019/09/30 9:39 p.m., 149 views

CVE-2019-16760

CVE-2019-16760 affects Cargo in Rust releases up to 1.25.0, where the package key in Cargo.toml can cause Cargo to download the wrong dependency. This could allow a malicious package to be substituted when building manifests (affecting locally written and crates.io published manifests). The advis...

CVSS 7.5, AI score 5.9, EPSS 0.01452

CVE, added 2021/04/11 12:0 a.m., 148 views

CVE-2021-28876

The CVE-2021-28876 issue affects the Rust standard library’s Zip implementation up to Rust 1.51.x, where __iterator_get_unchecked() can be invoked more than once for the same index if the underlying iterator panics. This creates a memory-safety violation risk related to TrustedRandomAccess. Impac...

CVSS 5.3, AI score 7, EPSS 0.01566

CVE, added 2021/04/14 6:10 a.m., 147 views

CVE-2020-36323

CVE-2020-36323 – Rust stdlib string-joining optimization issue: The connected sources confirm a defect in Rust before 1.52.0 where a string-joining optimization could expose uninitialized bytes or cause a crash if the borrowed string changes after its length is checked. This is a security issue ...

CVSS 8.2, AI score 8.7, EPSS 0.02025

CVE, added 2021/04/11 12:0 a.m., 141 views

CVE-2021-28878

CVE-2021-28878 affects the Rust standard library before 1.52.0. The Zip implementation can call __iterator_get_unchecked() more than once for the same index when next_back() and next() are used together, creating a memory-safety vulnerability related to TrustedRandomAccess. Affected releases incl...

CVSS 7.5, AI score 8.4, EPSS 0.01997

CVE, added 2021/04/11 12:0 a.m., 137 views

CVE-2021-28879

CVE-2021-28879 affects the Rust standard library prior to 1.52.0, specifically the Zip implementation. The bug permits reporting an incorrect size due to an integer overflow, which can cause a buffer overflow when a consumed Zip iterator is used again. The issue is documented across multiple conn...

CVSS 9.8, AI score 9.4, EPSS 0.02412

CVE, added 2021/04/11 12:0 a.m., 124 views

CVE-2021-28875

CVE-2021-28875 affects the Rust standard library prior to 1.50.0. In read_to_end(), the return value from Read is not validated in an unsafe context, which can lead to a buffer overflow. Several connected sources corroborate this bug and note the fix involves upgrading Rust to a newer release. Th...

CVSS 7.5, AI score 8.4, EPSS 0.02122

CVE, added 2021/04/11 12:0 a.m., 119 views

CVE-2021-28877

The CVE-2021-28877 issue affects the Rust standard library prior to 1.51.0, where the Zip implementation calls __iterator_get_unchecked() for the same index more than once during nested iteration, creating a memory safety violation related to TrustedRandomAccess. Affected: Rust stdlib (Zip path) ...

CVSS 7.5, AI score 8.4, EPSS 0.01387

CVE, added 2021/04/11 7:6 p.m., 111 views

CVE-2020-36317

The CVE-2020-36317 issue affects the Rust standard library prior to 1.49.0, where String::retain() can panic and allow creation of a non-UTF-8 Rust string. This may cause a memory-safety violation when other APIs assume UTF-8 on the same string. Several connected advisories confirm Rust 1.49.0 or...

CVSS 7.5, AI score 7.8, EPSS 0.01509

CVE, added 2021/04/14 6:10 a.m., 78 views

CVE-2018-25008

CVE-2018-25008 affects the Rust standard library: Arc::get_mut in Rust versions before 1.29.0 has weak synchronization that can lead to memory-safety issues via race conditions. The connected documents corroborate this description across several sources. The exact affected products/versions beyon...

CVSS 5.9, AI score 5.8, EPSS 0.01054

CVE, added 2021/04/14 6:10 a.m., 67 views

CVE-2017-20004

CVE-2017-20004 affects the Rust standard library prior to 1.19.0, where a synchronization flaw in the MutexGuard object allows MutexGuards to be used across threads with arbitrary types, enabling memory-safety issues via data races. Affected component: Rust standard library; vulnerable version ra...

CVSS 5.9, AI score 5.8, EPSS 0.00799

CVE, added 2024/09/04 3:29 p.m., 67 views

CVE-2024-43402

CVE-2024-43402 describes a Rust vulnerability in how Windows batch file names with trailing spaces or periods could bypass the existing mitigation for CVE-2024-24576. The issue arises from how the original fix checked for .bat/.cmd endings, failing to account for Windows normalizing trailing whit...

CVSS 8.8, AI score 9.1, EPSS 0.00744