Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rust-lang rust vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-45299
An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows malicious users to access arbitrary files via supplying a crafted URL.
Webbrowser Project Webbrowser
2 Github repositories
9.8
CVSSv3
CVE-2021-31162
In the standard library in Rust prior to 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics.
Rust-lang Rust
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
9.8
CVSSv3
CVE-2021-28879
In the standard library in Rust prior to 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again.
Rust-lang Rust
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
1 Github repository
9.8
CVSSv3
CVE-2020-36318
In the standard library in Rust prior to 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free.
Rust-lang Rust
2 Github repositories
9.8
CVSSv3
CVE-2018-1000810
The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in standard library that can result in buffer overflow. This attack appear to be exploitable via...
Rust-lang Rust 1.27.0
Rust-lang Rust 1.26.2
Rust-lang Rust 1.26.1
Rust-lang Rust 1.26.0
Rust-lang Rust 1.27.1
Rust-lang Rust 1.27.2
Rust-lang Rust 1.28.0
Rust-lang Rust 1.29.0
1 Github repository
9.1
CVSSv3
CVE-2021-29922
library/std/src/net/parser.rs in Rust prior to 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows malicious users to bypass access control that is based on IP addresses, because of unexpected oc...
Rust-lang Rust
8.2
CVSSv3
CVE-2020-36323
In the standard library in Rust prior to 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked.
Rust-lang Rust
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
1 Github repository
8.1
CVSSv3
CVE-2022-36113
Cargo is a package manager for the rust programming language. After a package is downloaded, Cargo extracts its source code in the ~/.cargo folder on disk, making it available to the Rust projects it builds. To record when an extraction is successful, Cargo writes "ok" ...
Rust-lang Cargo
1 Github repository
8.1
CVSSv3
CVE-2019-12083
The Rust Programming Language Standard Library 1.34.x prior to 1.34.2 contains a stabilized method which, if overridden, can violate Rust's safety guarantees and cause memory unsafety. If the `Error::type_id` method is overridden then any type can be safely cast to any other...
Rust-lang Rust
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.1
7.8
CVSSv3
CVE-2020-35906
An issue exists in the futures-task crate prior to 0.3.6 for Rust. futures_task::waker may cause a use-after-free in a non-static type situation.
Rust-lang Futures-task
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »