Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rust-lang rust vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2018-1000810
The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in standard library that can result in buffer overflow. This attack appear to be exploitable via...
Rust-lang Rust 1.27.0
Rust-lang Rust 1.26.2
Rust-lang Rust 1.26.1
Rust-lang Rust 1.26.0
Rust-lang Rust 1.27.1
Rust-lang Rust 1.27.2
Rust-lang Rust 1.28.0
Rust-lang Rust 1.29.0
1 Github repository
4.6
CVSSv2
CVE-2018-1000657
Rust Programming Language Rust standard library version Commit bfa0e1f58acf1c28d500c34ed258f09ae021893e and later; stable release 1.3.0 and later contains a Buffer Overflow vulnerability in std::collections::vec_deque::VecDeque::reserve() function that can result in Arbitrary cod...
Rust-lang Rust
7.5
CVSSv2
CVE-2020-36318
In the standard library in Rust prior to 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free.
Rust-lang Rust
2 Github repositories
5
CVSSv2
CVE-2020-36317
In the standard library in Rust prior to 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encod...
Rust-lang Rust
1 Github repository
4.3
CVSSv2
CVE-2017-20004
In the standard library in Rust prior to 1.19.0, there is a synchronization problem in the MutexGuard object. MutexGuards can be used across threads with any types, allowing for memory safety issues through race conditions.
Rust-lang Rust
NA
CVE-2023-40030
Cargo downloads a Rust project’s dependencies and compiles the project. Starting in Rust 1.60.0 and before 1.72, Cargo did not escape Cargo feature names when including them in the report generated by `cargo build --timings`. A malicious package included as a dependency may...
Rust-lang Rust
5
CVSSv2
CVE-2019-16760
Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the `package` configuration key. Usage of the `package` key to rename dependencies in `Cargo.toml` is ignored in Rust 1.25.0 and prior. When Rust 1.25.0 and prior is used Cargo may downloa...
Rust-lang Rust
6.8
CVSSv2
CVE-2018-1000622
The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appear to be exploitable via using the --plugin flag...
Rust-lang Rust
4.3
CVSSv2
CVE-2018-25008
In the standard library in Rust prior to 1.29.0, there is weak synchronization in the Arc::get_mut method. This synchronization issue can be lead to memory safety issues through race conditions.
Rust-lang Rust
6.4
CVSSv2
CVE-2021-29922
library/std/src/net/parser.rs in Rust prior to 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows malicious users to bypass access control that is based on IP addresses, because of unexpected oc...
Rust-lang Rust
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »