Page 3 of 19 results (0.008 seconds)

CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 1

In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again. En la biblioteca estándar de Rust versiones anteriores a 1.52.0, la implementación de Zip puede reportar un tamaño incorrecto debido a un desbordamiento de enteros. Este bug puede conllevar a un desbordamiento del búfer cuando un iterador Zip consumido es usado nuevamente • https://github.com/rust-lang/rust/issues/82282 https://github.com/rust-lang/rust/pull/82289 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZ337CM4GFJLRDFVQCGC7J25V65JXOG5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFUO3URYCO73D2Q4WYJBWAMJWGGVXQO4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZG65GUW6Z2CYOQHF7T3TB5CZKIX6ZJE https://security.gentoo.org/glsa/202210-09 https://access.redhat • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow. En la biblioteca estándar de Rust versiones anteriores a 1.50.0, la función read_to_end() no comprueba el valor de retorno de Read en un contexto no seguro. Este bug podría conllevar a un desbordamiento de búfer • https://github.com/rust-lang/rust/issues/80894 https://github.com/rust-lang/rust/pull/80895 https://security.gentoo.org/glsa/202210-09 https://access.redhat.com/security/cve/CVE-2021-28875 https://bugzilla.redhat.com/show_bug.cgi?id=1949194 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-252: Unchecked Return Value •

CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 1

In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked() more than once for the same index when the underlying iterator panics (in certain conditions). This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait. En la biblioteca estándar de Rust versiones anteriores a 1.52.0, la implementación de Zip presenta un problema de seguridad de pánico. Llama a la función __iterator_get_unchecked() más de una vez para el mismo índice cuando el iterador subyacente entra en pánico (en determinadas condiciones). • https://github.com/rust-lang/rust/issues/81740 https://github.com/rust-lang/rust/pull/81741 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZ337CM4GFJLRDFVQCGC7J25V65JXOG5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFUO3URYCO73D2Q4WYJBWAMJWGGVXQO4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZG65GUW6Z2CYOQHF7T3TB5CZKIX6ZJE https://security.gentoo.org/glsa/202210-09 https://access.redhat • CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

In the standard library in Rust before 1.51.0, the Zip implementation calls __iterator_get_unchecked() for the same index more than once when nested. This bug can lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait. En la biblioteca estándar en Rust versiones anteriores a 1.51.0, la implementación de Zip llama a la función __iterator_get_unchecked() para el mismo índice más de una vez cuando está anidado. Este bug puede conllevar a una violación de seguridad de la memoria debido a un requisito de seguridad no cumplido para el rasgo TrustedRandomAccess • https://github.com/rust-lang/rust/pull/80670 https://security.gentoo.org/glsa/202210-09 https://access.redhat.com/security/cve/CVE-2021-28877 https://bugzilla.redhat.com/show_bug.cgi?id=1949204 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the `package` configuration key. Usage of the `package` key to rename dependencies in `Cargo.toml` is ignored in Rust 1.25.0 and prior. When Rust 1.25.0 and prior is used Cargo may download the wrong dependency, which could be squatted on crates.io to be a malicious package. This not only affects manifests that you write locally yourself, but also manifests published to crates.io. Rust 1.0.0 through Rust 1.25.0 is affected by this advisory because Cargo will ignore the `package` key in manifests. • http://www.openwall.com/lists/oss-security/2019/10/08/3 https://gist.github.com/pietroalbini/0d293b24a44babbeb6187e06eebd4992 https://github.com/rust-lang/rust/security/advisories/GHSA-phjm-8x66-qw4r https://groups.google.com/forum/#%21topic/rustlang-security-announcements/rVQ5e3TDnpQ • CWE-16: Configuration CWE-494: Download of Code Without Integrity Check •