
CVE-2019-16760 – Cargo prior to Rust 1.26.0 may download the wrong dependency
https://notcve.org/view.php?id=CVE-2019-16760
30 Sep 2019 — Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the `package` configuration key. Usage of the `package` key to rename dependencies in `Cargo.toml` is ignored in Rust 1.25.0 and prior. When Rust 1.25.0 and prior is used Cargo may download the wrong dependency, which could be squatted on crates.io to be a malicious package. This not only affects manifests that you write locally yourself, but also manifests published to crates.io. Rust 1.0.0 through Rust 1.25.0 is af... • http://www.openwall.com/lists/oss-security/2019/10/08/3 • CWE-16: Configuration CWE-494: Download of Code Without Integrity Check •

CVE-2019-1010299
https://notcve.org/view.php?id=CVE-2019-1010299
15 Jul 2019 — The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to a string or to a log file. The component is: Debug trait implementation for std::collections::vec_deque::Iter. The attack vector is: The program needs to invoke debug printing for an iterator over an empty VecDeque. The fixed version is: 1.30.0, nightly versions after commit b85e4cc8fadaabd41da5b9645c08c68b8f89908d. • https://github.com/rust-lang/rust/issues/53566 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-908: Use of Uninitialized Resource •

CVE-2019-12083 – openSUSE Security Advisory - openSUSE-SU-2019:2244-1
https://notcve.org/view.php?id=CVE-2019-12083
13 May 2019 — The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate Rust's safety guarantees and cause memory unsafety. If the `Error::type_id` method is overridden then any type can be safely cast to any other type, causing memory safety vulnerabilities in safe code (e.g., out-of-bounds write or read). Code that does not manually implement Error::type_id is unaffected. Rust Programming Language Standard Library, versions 1.34.x prior to 1.... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00076.html • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •

CVE-2018-1000810 – Gentoo Linux Security Advisory 201812-11
https://notcve.org/view.php?id=CVE-2018-1000810
08 Oct 2018 — The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in the standard library that can result in a buffer overflow. This attack appears to be exploitable via str::repeat, which, when passed a large number, can overflow an internal buffer. This vulnerability appears to have been fixed in 1.29.1. Rust Programming Language Standard Library in versions 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126... • https://blog.rust-lang.org/2018/09/21/Security-advisory-for-std.html • CWE-190: Integer Overflow or Wraparound •

CVE-2018-1000657
https://notcve.org/view.php?id=CVE-2018-1000657
20 Aug 2018 — Rust Programming Language Rust standard library version Commit bfa0e1f58acf1c28d500c34ed258f09ae021893e and later; stable release 1.3.0 and later contains a Buffer Overflow vulnerability in the std::collections::vec_deque::VecDeque::reserve() function that can result in arbitrary code execution, but no proof-of-concept exploit is currently published. This vulnerability appears to have been fixed after commit fdfafb510b1a38f727e920dccbeeb638d39a8e60; stable release 1.22.0 and later. The standard library of R... • http://www.securityfocus.com/bid/105188 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2018-1000622 – Gentoo Linux Security Advisory 201812-11
https://notcve.org/view.php?id=CVE-2018-1000622
09 Jul 2018 — The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appears to be exploitable via using the --plugin flag without the --plugin-path flag. This vulnerability appears to have been fixed in 1.27.1. Rust Programming Language rustdoc from version 0.8 through 1.27.0 contains a CWE-427 vulnerability: search path element not co... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00076.html • CWE-427: Uncontrolled Search Path Element •