Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rust-lang rust vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-28854
tls-listener is a rust lang wrapper around a connection listener to support TLS. With the default configuration of tls-listener, a malicious user can open 6.4 `TcpStream`s a second, sending 0 bytes, and can trigger a DoS. The default configuration options make any public service ...
6.1
CVSSv3
CVE-2023-40030
Cargo downloads a Rust project’s dependencies and compiles the project. Starting in Rust 1.60.0 and before 1.72, Cargo did not escape Cargo feature names when including them in the report generated by `cargo build --timings`. A malicious package included as a dependency may...
Rust-lang Rust
7.3
CVSSv3
CVE-2023-38497
Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files...
Rust-lang Cargo
Fedoraproject Fedora 38
9.8
CVSSv3
CVE-2022-45299
An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows malicious users to access arbitrary files via supplying a crafted URL.
Webbrowser Project Webbrowser
2 Github repositories
5.9
CVSSv3
CVE-2022-46176
Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle (MITM) attacks. This vulnerability has been ...
Rust-lang Cargo
8.1
CVSSv3
CVE-2022-36113
Cargo is a package manager for the rust programming language. After a package is downloaded, Cargo extracts its source code in the ~/.cargo folder on disk, making it available to the Rust projects it builds. To record when an extraction is successful, Cargo writes "ok" ...
Rust-lang Cargo
1 Github repository
6.5
CVSSv3
CVE-2022-36114
Cargo is a package manager for the rust programming language. It exists that Cargo did not limit the amount of data extracted from compressed archives. An attacker could upload to an alternate registry a specially crafted package that extracts way more data than its size (also kn...
Rust-lang Cargo
7.5
CVSSv3
CVE-2022-24713
regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane...
Rust-lang Regex
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
3 Github repositories
6.3
CVSSv3
CVE-2022-21658
Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the `std::fs::remove_dir_all` standard library function is vulnerable a race condition enabling symlink...
Rust-lang Rust
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Apple Macos
Apple Tvos
Apple Iphone Os
Apple Ipados
Apple Watchos
3 Github repositories
9.1
CVSSv3
CVE-2021-29922
library/std/src/net/parser.rs in Rust prior to 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows malicious users to bypass access control that is based on IP addresses, because of unexpected oc...
Rust-lang Rust
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »