Page 5 of 36 results (0.007 seconds)

CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 1

CVE-2021-28876 – rust: panic safety issue in Zip implementation

https://notcve.org/view.php?id=CVE-2021-28876

In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked() more than once for the same index when the underlying iterator panics (in certain conditions). This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait. En la biblioteca estándar de Rust versiones anteriores a 1.52.0, la implementación de Zip presenta un problema de seguridad de pánico. Llama a la función __iterator_get_unchecked() más de una vez para el mismo índice cuando el iterador subyacente entra en pánico (en determinadas condiciones). • https://github.com/rust-lang/rust/issues/81740 https://github.com/rust-lang/rust/pull/81741 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZ337CM4GFJLRDFVQCGC7J25V65JXOG5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFUO3URYCO73D2Q4WYJBWAMJWGGVXQO4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZG65GUW6Z2CYOQHF7T3TB5CZKIX6ZJE https://security.gentoo.org/glsa/202210-09 https://access.redhat • CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-28877 – rust: memory safety violation in Zip implementation for nested iter::Zips

https://notcve.org/view.php?id=CVE-2021-28877

In the standard library in Rust before 1.51.0, the Zip implementation calls __iterator_get_unchecked() for the same index more than once when nested. This bug can lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait. En la biblioteca estándar en Rust versiones anteriores a 1.51.0, la implementación de Zip llama a la función __iterator_get_unchecked() para el mismo índice más de una vez cuando está anidado. Este bug puede conllevar a una violación de seguridad de la memoria debido a un requisito de seguridad no cumplido para el rasgo TrustedRandomAccess • https://github.com/rust-lang/rust/pull/80670 https://security.gentoo.org/glsa/202210-09 https://access.redhat.com/security/cve/CVE-2021-28877 https://bugzilla.redhat.com/show_bug.cgi?id=1949204 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-36202

https://notcve.org/view.php?id=CVE-2020-36202

An issue was discovered in the async-h1 crate before 2.3.0 for Rust. Request smuggling can occur when used behind a reverse proxy. Se detectó un problema en la crate async-h1 versiones anteriores a 2.3.0 para Rust. El trafico no autorizado de peticiones puede ocurrir cuando se utiliza detrás de un proxy inverso • https://rustsec.org/advisories/RUSTSEC-2020-0093.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-26297 – XSS in mdBook's search page

https://notcve.org/view.php?id=CVE-2020-26297

mdBook is a utility to create modern online books from Markdown files and is written in Rust. In mdBook before version 0.4.5, there is a vulnerability affecting the search feature of mdBook, which could allow an attacker to execute arbitrary JavaScript code on the page. The search feature of mdBook (introduced in version 0.1.4) was affected by a cross site scripting vulnerability that allowed an attacker to execute arbitrary JavaScript code on an user's browser by tricking the user into typing a malicious search query, or tricking the user into clicking a link to the search page with the malicious search query prefilled. mdBook 0.4.5 fixes the vulnerability by properly escaping the search query. Owners of websites built with mdBook have to upgrade to mdBook 0.4.5 or greater and rebuild their website contents with it. mdBook es una utilidad para crear libros en línea modernos a partir de archivos Markdown y es escrito en Rust. En mdBook versiones anteriores a 0.4.5, se presenta una vulnerabilidad que afecta la funcionalidad search de mdBook, que podría permitir a un atacante ejecutar código JavaScript arbitrario en la página. • https://crates.io/crates/mdbook https://github.com/rust-lang/mdBook/blob/master/CHANGELOG.md#mdbook-045 https://github.com/rust-lang/mdBook/commit/32abeef088e98327ca0dfccdad92e84afa9d2e9b https://github.com/rust-lang/mdBook/security/advisories/GHSA-gx5w-rrhp-f436 https://groups.google.com/g/rustlang-security-announcements/c/3-sO6of29O0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-35905

https://notcve.org/view.php?id=CVE-2020-35905

An issue was discovered in the futures-util crate before 0.3.7 for Rust. MutexGuard::map can cause a data race for certain closure situations (in safe code). Se detectó un problema en la crate futures-util versiones anteriores a 0.3.7 para Rust. La función MutexGuard::map puede causar una carrera de datos para determinadas situaciones de cierre (en código seguro). • https://rustsec.org/advisories/RUSTSEC-2020-0059.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •