CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36318 – rust: use-after-free or double free in VecDeque::make_contiguous
https://notcve.org/view.php?id=CVE-2020-36318
11 Apr 2021 — In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free. En la biblioteca estándar de Rust versiones anteriores a 1.49.0, la función VecDeque::make_contiguous presenta un bug que muestra el mismo elemento más de una vez bajo determinadas condiciones. Este bug podría resultar en un uso de la memoria previamente liberada o una doble liberación Rust Toolset... • https://github.com/rust-lang/rust/issues/79808 • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-28877 – rust: memory safety violation in Zip implementation for nested iter::Zips
https://notcve.org/view.php?id=CVE-2021-28877
11 Apr 2021 — In the standard library in Rust before 1.51.0, the Zip implementation calls __iterator_get_unchecked() for the same index more than once when nested. This bug can lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait. En la biblioteca estándar en Rust versiones anteriores a 1.51.0, la implementación de Zip llama a la función __iterator_get_unchecked() para el mismo índice más de una vez cuando está anidado. Este bug puede conllevar a una violación de seg... • https://github.com/rust-lang/rust/pull/80670 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-28875 – rust: heap-based buffer overflow in read_to_end() because it does not validate the return value from Read in an unsafe context
https://notcve.org/view.php?id=CVE-2021-28875
11 Apr 2021 — In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow. En la biblioteca estándar de Rust versiones anteriores a 1.50.0, la función read_to_end() no comprueba el valor de retorno de Read en un contexto no seguro. Este bug podría conllevar a un desbordamiento de búfer Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, the cargo-ve... • https://github.com/rust-lang/rust/issues/80894 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-252: Unchecked Return Value •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 1CVE-2021-28876 – rust: panic safety issue in Zip implementation
https://notcve.org/view.php?id=CVE-2021-28876
11 Apr 2021 — In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked() more than once for the same index when the underlying iterator panics (in certain conditions). This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait. En la biblioteca estándar de Rust versiones anteriores a 1.52.0, la implementación de Zip presenta un problema de seguridad de pánico. Llama a la función __itera... • https://github.com/rust-lang/rust/issues/81740 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2021-28878 – rust: memory safety violation in Zip implementation when next_back() and next() are used together
https://notcve.org/view.php?id=CVE-2021-28878
11 Apr 2021 — In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same index (under certain conditions) when next_back() and next() are used together. This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait. En la biblioteca estándar en Rust versiones anteriores a 1.52.0, la implementación de Zip llama a la función __iterator_get_unchecked() más de una vez para el mismo índice (bajo dete... • https://github.com/rust-lang/rust/issues/82291 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 1CVE-2021-28879 – rust: integer overflow in the Zip implementation can lead to a buffer overflow
https://notcve.org/view.php?id=CVE-2021-28879
11 Apr 2021 — In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again. En la biblioteca estándar de Rust versiones anteriores a 1.52.0, la implementación de Zip puede reportar un tamaño incorrecto debido a un desbordamiento de enteros. Este bug puede conllevar a un desbordamiento del búfer cuando un iterador Zip consumido es usado nuevamente Rust Toolset provides th... • https://github.com/rust-lang/rust/issues/82282 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-16760 – Cargo prior to Rust 1.26.0 may download the wrong dependency
https://notcve.org/view.php?id=CVE-2019-16760
30 Sep 2019 — Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the `package` configuration key. Usage of the `package` key to rename dependencies in `Cargo.toml` is ignored in Rust 1.25.0 and prior. When Rust 1.25.0 and prior is used Cargo may download the wrong dependency, which could be squatted on crates.io to be a malicious package. This not only affects manifests that you write locally yourself, but also manifests published to crates.io. Rust 1.0.0 through Rust 1.25.0 is af... • http://www.openwall.com/lists/oss-security/2019/10/08/3 • CWE-16: Configuration CWE-494: Download of Code Without Integrity Check •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2019-1010299
https://notcve.org/view.php?id=CVE-2019-1010299
15 Jul 2019 — The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vec_deque::Iter. The attack vector is: The program needs to invoke debug printing for iterator over an empty VecDeque. The fixed version is: 1.30.0, nightly versions after commit b85e4cc8fadaabd41da5b9645c08c68b8f89908d. • https://github.com/rust-lang/rust/issues/53566 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-908: Use of Uninitialized Resource •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 1CVE-2019-12083 – openSUSE Security Advisory - openSUSE-SU-2019:2244-1
https://notcve.org/view.php?id=CVE-2019-12083
13 May 2019 — The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate Rust's safety guarantees and cause memory unsafety. If the `Error::type_id` method is overridden then any type can be safely cast to any other type, causing memory safety vulnerabilities in safe code (e.g., out-of-bounds write or read). Code that does not manually implement Error::type_id is unaffected. Rust Programming Language Standard Library, versiones 1.34.x anteriores a 1.... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00076.html • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 8EXPL: 0CVE-2018-1000810 – Gentoo Linux Security Advisory 201812-11
https://notcve.org/view.php?id=CVE-2018-1000810
08 Oct 2018 — The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in standard library that can result in buffer overflow. This attack appear to be exploitable via str::repeat, passed a large number, can overflow an internal buffer. This vulnerability appears to have been fixed in 1.29.1. Rust Programming Language Standard Library en versiones 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126... • https://blog.rust-lang.org/2018/09/21/Security-advisory-for-std.html • CWE-190: Integer Overflow or Wraparound •