Vulnerabilities > Rust Lang

DATE CVE VULNERABILITY TITLE RISK

2021-08-07 CVE-2021-29922 Unspecified vulnerability in Rust-Lang Rust
library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation.
network | low complexity | rust-lang | Risk: 6.4

2021-04-14 CVE-2021-31162 Double Free vulnerability in multiple products
In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics.
network | low complexity | rust-lang fedoraproject CWE-415 | Risk: 7.5

2021-04-14 CVE-2020-36323 Use of Externally-Controlled Format String vulnerability in multiple products
In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked.
network | low complexity | rust-lang fedoraproject CWE-134 | Risk: 6.4

2021-04-11 CVE-2021-28879 Integer Overflow or Wraparound vulnerability in multiple products
In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow.
network | low complexity | rust-lang fedoraproject CWE-190 | Risk: 7.5

2021-04-11 CVE-2021-28878 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same index (under certain conditions) when next_back() and next() are used together.
Risk: 4.3

2021-04-11 CVE-2021-28876 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue.
Risk: 4.3

2021-04-11 CVE-2020-36318 Use After Free vulnerability in Rust-Lang Rust 1.48.0
In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain conditions.
network | low complexity | rust-lang CWE-416 | Risk: 7.5

2021-01-04 CVE-2020-26297 Cross-site Scripting vulnerability in Rust-Lang Mdbook
mdBook is a utility to create modern online books from Markdown files and is written in Rust.
network | rust-lang CWE-79 | Risk: 4.3

2020-12-31 CVE-2020-35920 Unspecified vulnerability in Rust-Lang Socket2
An issue was discovered in the socket2 crate before 0.3.16 for Rust.
local | low complexity | rust-lang | Risk: 2.1

2020-12-31 CVE-2020-35908 Unspecified vulnerability in Rust-Lang Future-Utils
An issue was discovered in the futures-util crate before 0.3.2 for Rust.
local | low complexity | rust-lang | Risk: 2.1