Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rust-lang vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-1000810
The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in standard library that can result in buffer overflow. This attack appear to be exploitable via...
Rust-lang Rust 1.27.0
Rust-lang Rust 1.26.2
Rust-lang Rust 1.26.1
Rust-lang Rust 1.26.0
Rust-lang Rust 1.27.1
Rust-lang Rust 1.27.2
Rust-lang Rust 1.28.0
Rust-lang Rust 1.29.0
1 Github repository
7.5
CVSSv3
CVE-2021-28875
In the standard library in Rust prior to 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow.
Rust-lang Rust
1 Github repository
7.5
CVSSv3
CVE-2021-28877
In the standard library in Rust prior to 1.51.0, the Zip implementation calls __iterator_get_unchecked() for the same index more than once when nested. This bug can lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.
Rust-lang Rust
9.1
CVSSv3
CVE-2021-29922
library/std/src/net/parser.rs in Rust prior to 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows malicious users to bypass access control that is based on IP addresses, because of unexpected oc...
Rust-lang Rust
7.8
CVSSv3
CVE-2018-1000622
The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appear to be exploitable via using the --plugin flag...
Rust-lang Rust
5.5
CVSSv3
CVE-2020-35920
An issue exists in the socket2 crate prior to 0.3.16 for Rust. It has false expectations about the std::net::SocketAddr memory representation.
Rust-lang Socket2
9.8
CVSSv3
CVE-2020-36318
In the standard library in Rust prior to 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free.
Rust-lang Rust
2 Github repositories
5.9
CVSSv3
CVE-2022-46176
Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle (MITM) attacks. This vulnerability has been ...
Rust-lang Cargo
6.1
CVSSv3
CVE-2023-40030
Cargo downloads a Rust project’s dependencies and compiles the project. Starting in Rust 1.60.0 and before 1.72, Cargo did not escape Cargo feature names when including them in the report generated by `cargo build --timings`. A malicious package included as a dependency may...
Rust-lang Rust
8.1
CVSSv3
CVE-2022-36113
Cargo is a package manager for the rust programming language. After a package is downloaded, Cargo extracts its source code in the ~/.cargo folder on disk, making it available to the Rust projects it builds. To record when an extraction is successful, Cargo writes "ok" ...
Rust-lang Cargo
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcoded
arbitrary code
CVE-2024-2404
CVE-2024-21111
CVE-2024-28627
CVE-2024-4073
information disclosure
CVE-2024-32780
CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »