Search CVE reports


Toggle filters

1 – 10 of 26 results


CVE-2024-43402

Medium priority
Not affected

Rust is a programming language. The fix for CVE-2024-24576, where `std::process::Command` incorrectly escaped arguments when invoking batch files on Windows, was incomplete. Prior to Rust version 1.81.0, it was possible to bypass...

2 affected packages

cargo, rustc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cargo Not in release Not affected Not affected Not affected Not affected
rustc Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-24576

Negligible priority
Not affected

Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files (with the `bat` and `cmd` extensions) on...

2 affected packages

cargo, rustc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cargo Not affected Not affected Not affected Not affected
rustc Not affected Not affected Not affected Not affected
Show less packages

CVE-2023-40030

Medium priority

Some fixes available 1 of 8

Cargo downloads a Rust project’s dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by `cargo build --timings`. A...

2 affected packages

cargo, rustc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cargo Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rustc Fixed Not affected Not affected Not affected Not affected
Show less packages

CVE-2023-38497

Medium priority

Some fixes available 6 of 11

Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If...

3 affected packages

cargo, rust-cargo, rustc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cargo Not in release Fixed Fixed Fixed Fixed
rust-cargo Vulnerable Fixed Not in release Ignored Ignored
rustc Fixed Not affected Not affected Not affected Not affected
Show less packages

CVE-2022-23639

Medium priority

Some fixes available 8 of 39

crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of `{i,u}64` was...

11 affected packages

cargo, firefox, librsvg, mozjs38, mozjs52...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cargo Not in release Not affected Not affected Not affected Vulnerable
firefox Fixed Fixed Ignored Ignored Ignored
librsvg Not affected Not affected Not affected Not affected Not affected
mozjs38 Not in release Not in release Not in release Ignored Not in release
mozjs52 Not in release Not in release Ignored Ignored Not in release
mozjs68 Not in release Not in release Ignored Not in release Not in release
mozjs78 Not in release Ignored Not in release Not in release Not in release
rust-crossbeam-utils Not affected Vulnerable Vulnerable Not in release Not in release
rust-crossbeam-utils-0.7 Not in release Vulnerable Not in release Not in release Not in release
rustc Not affected Fixed Fixed Not affected Vulnerable
thunderbird Ignored Ignored Ignored Ignored Ignored
Show all 11 packages Show less packages

CVE-2022-21658

Medium priority

Some fixes available 1 of 5

Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the `std::fs::remove_dir_all` standard library...

1 affected package

rustc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rustc Not affected Not affected Fixed Not affected Vulnerable
Show less packages

CVE-2021-42574

Medium priority

Some fixes available 2 of 5

** DISPUTED ** An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that...

1 affected package

rustc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rustc Not affected Fixed Fixed Not affected Not affected
Show less packages

CVE-2021-29922

Medium priority

Some fixes available 2 of 8

library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based...

1 affected package

rustc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rustc Not affected Fixed Fixed Not affected Vulnerable
Show less packages

CVE-2021-31162

Medium priority

Some fixes available 2 of 8

In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics.

1 affected package

rustc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rustc Not affected Fixed Fixed Not affected Vulnerable
Show less packages

CVE-2020-36323

Medium priority

Some fixes available 2 of 8

In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked.

1 affected package

rustc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rustc Not affected Fixed Fixed Not affected Vulnerable
Show less packages