Search CVE reports
1 – 10 of 26 results
CVE-2024-43402
Medium priority
Rust is a programming language. The fix for CVE-2024-24576, where `std::process::Command` incorrectly escaped arguments when invoking batch files on Windows, was incomplete. Prior to Rust version 1.81.0, it was possible to bypass...
2 affected packages
cargo, rustc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cargo | Not in release | Not affected | Not affected | Not affected | Not affected |
rustc | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2024-24576
Negligible priority
Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files (with the `bat` and `cmd` extensions) on...
2 affected packages
cargo, rustc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cargo | — | Not affected | Not affected | Not affected | Not affected |
rustc | — | Not affected | Not affected | Not affected | Not affected |
CVE-2023-40030
Medium priority
Some fixes available: 1 of 8
Cargo downloads a Rust project’s dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by `cargo build --timings`. A...
2 affected packages
cargo, rustc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cargo | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
rustc | Fixed | Not affected | Not affected | Not affected | Not affected |
CVE-2023-38497
Medium priority
Some fixes available: 6 of 11
Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If...
3 affected packages
cargo, rust-cargo, rustc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cargo | Not in release | Fixed | Fixed | Fixed | Fixed |
rust-cargo | Vulnerable | Fixed | Not in release | Ignored | Ignored |
rustc | Fixed | Not affected | Not affected | Not affected | Not affected |
CVE-2022-23639
Medium priority
Some fixes available: 8 of 39
crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of `{i,u}64` was...
11 affected packages
cargo, firefox, librsvg, mozjs38, mozjs52...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cargo | Not in release | Not affected | Not affected | Not affected | Vulnerable |
firefox | Fixed | Fixed | Ignored | Ignored | Ignored |
librsvg | Not affected | Not affected | Not affected | Not affected | Not affected |
mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
rust-crossbeam-utils | Not affected | Vulnerable | Vulnerable | Not in release | Not in release |
rust-crossbeam-utils-0.7 | Not in release | Vulnerable | Not in release | Not in release | Not in release |
rustc | Not affected | Fixed | Fixed | Not affected | Vulnerable |
thunderbird | Ignored | Ignored | Ignored | Ignored | Ignored |
CVE-2022-21658
Medium priority
Some fixes available: 1 of 5
Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the `std::fs::remove_dir_all` standard library...
1 affected package
rustc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rustc | Not affected | Not affected | Fixed | Not affected | Vulnerable |
CVE-2021-42574
Medium priority
Some fixes available: 2 of 5
** DISPUTED ** An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that...
1 affected package
rustc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rustc | Not affected | Fixed | Fixed | Not affected | Not affected |
CVE-2021-29922
Medium priority
Some fixes available: 2 of 8
library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based...
1 affected package
rustc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rustc | Not affected | Fixed | Fixed | Not affected | Vulnerable |
CVE-2021-31162
Medium priority
Some fixes available: 2 of 8
In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics.
1 affected package
rustc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rustc | Not affected | Fixed | Fixed | Not affected | Vulnerable |
CVE-2020-36323
Medium priority
Some fixes available: 2 of 8
In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked.
1 affected package
rustc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rustc | Not affected | Fixed | Fixed | Not affected | Vulnerable |