Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rust-lang vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-1000810
The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in standard library that can result in buffer overflow. This attack appear to be exploitable via...
Rust-lang Rust 1.27.0
Rust-lang Rust 1.26.2
Rust-lang Rust 1.26.1
Rust-lang Rust 1.26.0
Rust-lang Rust 1.27.1
Rust-lang Rust 1.27.2
Rust-lang Rust 1.28.0
Rust-lang Rust 1.29.0
1 Github repository
6.1
CVSSv3
CVE-2023-40030
Cargo downloads a Rust project’s dependencies and compiles the project. Starting in Rust 1.60.0 and before 1.72, Cargo did not escape Cargo feature names when including them in the report generated by `cargo build --timings`. A malicious package included as a dependency may...
Rust-lang Rust
7.8
CVSSv3
CVE-2018-1000622
The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appear to be exploitable via using the --plugin flag...
Rust-lang Rust
7.8
CVSSv3
CVE-2018-1000657
Rust Programming Language Rust standard library version Commit bfa0e1f58acf1c28d500c34ed258f09ae021893e and later; stable release 1.3.0 and later contains a Buffer Overflow vulnerability in std::collections::vec_deque::VecDeque::reserve() function that can result in Arbitrary cod...
Rust-lang Rust
7.5
CVSSv3
CVE-2019-16760
Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the `package` configuration key. Usage of the `package` key to rename dependencies in `Cargo.toml` is ignored in Rust 1.25.0 and prior. When Rust 1.25.0 and prior is used Cargo may downloa...
Rust-lang Rust
7.5
CVSSv3
CVE-2020-36317
In the standard library in Rust prior to 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encod...
Rust-lang Rust
1 Github repository
7.5
CVSSv3
CVE-2015-20001
In the standard library in Rust prior to 1.2.0, BinaryHeap is not panic-safe. The binary heap is left in an inconsistent state when the comparison of generic elements inside sift_up or sift_down_range panics. This bug leads to a drop of zeroed memory as an arbitrary type, which c...
Rust-lang Rust
7.5
CVSSv3
CVE-2021-28877
In the standard library in Rust prior to 1.51.0, the Zip implementation calls __iterator_get_unchecked() for the same index more than once when nested. This bug can lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.
Rust-lang Rust
5.3
CVSSv3
CVE-2019-1010299
The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vec_deque::...
Rust-lang Rust
5.5
CVSSv3
CVE-2020-35920
An issue exists in the socket2 crate prior to 0.3.16 for Rust. It has false expectations about the std::net::SocketAddr memory representation.
Rust-lang Socket2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »