
CVE-2021-28877 – rust: memory safety violation in Zip implementation for nested iter::Zips
https://notcve.org/view.php?id=CVE-2021-28877
11 Apr 2021 — In the standard library in Rust before 1.51.0, the Zip implementation calls __iterator_get_unchecked() for the same index more than once when nested. This bug can lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait. • https://github.com/rust-lang/rust/pull/80670 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2021-28879 – rust: integer overflow in the Zip implementation can lead to a buffer overflow
https://notcve.org/view.php?id=CVE-2021-28879
11 Apr 2021 — In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again. Rust Toolset provides th... • https://github.com/rust-lang/rust/issues/82282 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •

CVE-2020-36202
https://notcve.org/view.php?id=CVE-2020-36202
22 Jan 2021 — An issue was discovered in the async-h1 crate before 2.3.0 for Rust. Request smuggling can occur when it is used behind a reverse proxy. • https://rustsec.org/advisories/RUSTSEC-2020-0093.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2020-26297 – XSS in mdBook's search page
https://notcve.org/view.php?id=CVE-2020-26297
04 Jan 2021 — mdBook is a utility to create modern online books from Markdown files and is written in Rust. In mdBook before version 0.4.5, there is a vulnerability affecting the search feature of mdBook, which could allow an attacker to execute arbitrary JavaScript code on the page. The search feature of mdBook (introduced in version 0.1.4) was affected by a cross-site scripting vulnerability that allowed an attacker to execute arbitrary JavaScript code in a user's browser by tricking the user into typing a malicious s... • https://crates.io/crates/mdbook • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2020-35905
https://notcve.org/view.php?id=CVE-2020-35905
31 Dec 2020 — An issue was discovered in the futures-util crate before 0.3.7 for Rust. MutexGuard::map can cause a data race for certain closure situations (in safe code). • https://rustsec.org/advisories/RUSTSEC-2020-0059.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVE-2020-35906
https://notcve.org/view.php?id=CVE-2020-35906
31 Dec 2020 — An issue was discovered in the futures-task crate before 0.3.6 for Rust. futures_task::waker may cause a use-after-free in a non-static type situation. • https://rustsec.org/advisories/RUSTSEC-2020-0060.html • CWE-416: Use After Free •

CVE-2020-35907
https://notcve.org/view.php?id=CVE-2020-35907
31 Dec 2020 — An issue was discovered in the futures-task crate before 0.3.5 for Rust. futures_task::noop_waker_ref allows a NULL pointer dereference. • https://rustsec.org/advisories/RUSTSEC-2020-0061.html • CWE-476: NULL Pointer Dereference •

CVE-2020-35908
https://notcve.org/view.php?id=CVE-2020-35908
31 Dec 2020 — An issue was discovered in the futures-util crate before 0.3.2 for Rust. FuturesUnordered can lead to data corruption because Sync is mishandled. • https://rustsec.org/advisories/RUSTSEC-2020-0062.html •

CVE-2020-35920
https://notcve.org/view.php?id=CVE-2020-35920
31 Dec 2020 — An issue was discovered in the socket2 crate before 0.3.16 for Rust. It has false expectations about the std::net::SocketAddr memory representation. • https://rustsec.org/advisories/RUSTSEC-2020-0079.html •

CVE-2020-26281 – request smuggling in async-h1
https://notcve.org/view.php?id=CVE-2020-26281
21 Dec 2020 — async-h1 is an asynchronous HTTP/1.1 parser for Rust (crates.io). There is a request smuggling vulnerability in async-h1 before version 2.3.0. This vulnerability affects any web server that uses async-h1 behind a reverse proxy, including all such Tide applications. If the server does not read the body of a request which is longer than some buffer length, async-h1 will attempt to read a subsequent request from the body content starting at that offset into the body. One way to exploit this vulnerability would ... • https://github.com/http-rs/async-h1/releases/tag/v2.3.0 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •