Vulmon
rust vulnerabilities and exploits
5.9
CVSSv3
CVE-2020-36471
An issue exists in the generator crate prior to 0.7.0 for Rust. It does not ensure that a function (for yielding values) has Send bounds.
Generator Project Generator
7.5
CVSSv3
CVE-2023-22895
The bzip2 crate prior to 0.4.4 for Rust allows malicious users to cause a denial of service via a large file that triggers an integer overflow in mem.rs. NOTE: this is unrelated to the https://crates.io/crates/bzip2-rs product.
Bzip2 Project Bzip2
5.4
CVSSv3
CVE-2023-22466
Tokio is a runtime for writing applications with Rust. Starting with version 1.7.0 and prior to versions 1.18.4, 1.20.3, and 1.23.1, when configuring a Windows named pipe server, setting `pipe_mode` will reset `reject_remote_clients` to `false`. If the application has previously ...
Tokio Tokio
NA
CVE-2024-3296
A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages fo...
NA
CVE-2024-32650
Rustls is a modern TLS library written in Rust. `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input. When using a blocking rustls server, if a client sends a `close_notify` message immediately after `client_hello`, the server's `com...
7.5
CVSSv3
CVE-2023-26964
An issue exists in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service (DoS).
Hyper H2 0.2.4
Hyper Hyper 0.13.7
9.8
CVSSv3
CVE-2021-38187
An issue exists in the anymap crate up to and including 0.12.1 for Rust. It violates soundness via conversion of a *u8 to a *u64.
Anymap Project Anymap
4.7
CVSSv3
CVE-2023-41051
In a typical Virtual Machine Monitor (VMM) there are several components, such as boot loader, virtual device drivers, virtio backend drivers and vhost drivers, that need to access the VM physical memory. The vm-memory rust crate provides a set of traits to decouple VM memory cons...
Vm-memory Project Vm-memory
7.5
CVSSv3
CVE-2023-42805
quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases.
Quinn Project Quinn
1 Github repository
7.5
CVSSv3
CVE-2023-43669
The Tungstenite crate prior to 0.20.1 for Rust allows remote malicious users to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of ...
Snapview Tungstenite
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39