Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rust vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2020-5499
Baidu Rust SGX SDK up to and including 1.0.8 has an enclave ID race. There are non-deterministic results in which, sometimes, two global IDs are the same.
Apache Rust Sgx Sdk
1.9
CVSSv2
CVE-2020-35905
An issue exists in the futures-util crate prior to 0.3.7 for Rust. MutexGuard::map can cause a data race for certain closure situations (in safe code).
Rust-lang Future-utils
2.1
CVSSv2
CVE-2020-35908
An issue exists in the futures-util crate prior to 0.3.2 for Rust. FuturesUnordered can lead to data corruption because Sync is mishandled.
Rust-lang Future-utils
4.3
CVSSv2
CVE-2020-36202
An issue exists in the async-h1 crate prior to 2.3.0 for Rust. Request smuggling can occur when used behind a reverse proxy.
Rust-lang Async-h1
NA
CVE-2022-36086
linked_list_allocator is an allocator usable for no_std systems. Prior to version 0.10.2, the heap initialization methods were missing a minimum size check for the given heap size argument. This could lead to out-of-bound writes when a heap was initialized with a size smaller tha...
Rust-osdev Linked-list-allocator
NA
CVE-2023-50711
vmm-sys-util is a collection of modules that provides helpers and utilities used by multiple rust-vmm components. Starting in version 0.5.0 and prior to version 0.12.0, an issue in the `FamStructWrapper::deserialize` implementation provided by the crate for `vmm_sys_util::fam::Fa...
Rust-vmm Vmm-sys-util
3.3
CVSSv2
CVE-2022-21658
Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the `std::fs::remove_dir_all` standard library function is vulnerable a race condition enabling symlink...
Rust-lang Rust
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Apple Macos
Apple Tvos
Apple Iphone Os
Apple Ipados
Apple Watchos
3 Github repositories
NA
CVE-2023-38497
Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files...
Rust-lang Cargo
Fedoraproject Fedora 38
5
CVSSv2
CVE-2022-24713
regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane...
Rust-lang Regex
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
3 Github repositories
NA
CVE-2023-22895
The bzip2 crate prior to 0.4.4 for Rust allow malicious users to cause a denial of service via a large file that triggers an integer overflow in mem.rs. NOTE: this is unrelated to the https://crates.io/crates/bzip2-rs product.
Bzip2 Project Bzip2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »