Search CVE reports
1 – 10 of 28 results
Some fixes available 34 of 52
tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpack_dir function uses fs::metadata() to check whether a path that already exists is a...
23 affected packages
rust-tar, rustc, rustc-1.62, rustc-1.74, rustc-1.76...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rust-tar | Fixed | Fixed | Needs evaluation | — |
| rustc | Fixed | Fixed | Needs evaluation | Needs evaluation |
| rustc-1.62 | Not in release | Fixed | — | — |
| rustc-1.74 | Fixed | Not in release | — | — |
| rustc-1.76 | Fixed | Fixed | Needs evaluation | — |
| rustc-1.77 | Fixed | Fixed | Needs evaluation | — |
| rustc-1.78 | Fixed | Fixed | Needs evaluation | — |
| rustc-1.79 | Fixed | Fixed | Needs evaluation | — |
| rustc-1.80 | Fixed | Fixed | Needs evaluation | — |
| rustc-1.81 | Fixed | Fixed | — | — |
| rustc-1.82 | Fixed | Fixed | — | — |
| rustc-1.83 | Fixed | Fixed | — | — |
| rustc-1.84 | Fixed | Fixed | — | — |
| rustc-1.85 | Fixed | Fixed | — | — |
| rustc-1.88 | Not in release | Not in release | — | — |
| rustc-1.89 | Fixed | Fixed | — | — |
| rustc-1.91 | Fixed | Fixed | — | — |
| rustc-1.92 | Not in release | Not in release | — | — |
| rustc-1.93 | Not in release | Not in release | — | — |
| cargo | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| rust-cargo-c | Needs evaluation | Not in release | — | — |
| rust-async-tar | Needs evaluation | Not in release | — | — |
| rust-astral-tokio-tar | Not in release | Not in release | — | — |
Starting from Rust 1.87.0 and before Rust 1.89.0, the tier 3 Cygwin target (`x86_64-pc-cygwin`) didn't correctly handle path separators, causing the standard library's Path API to ignore path components separated by backslashes....
14 affected packages
rustc, rustc-1.62, rustc-1.74, rustc-1.76, rustc-1.77...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rustc | Not affected | Not affected | Not affected | Not affected |
| rustc-1.62 | Not in release | Not affected | — | — |
| rustc-1.74 | Not affected | Not in release | — | — |
| rustc-1.76 | Not affected | Not affected | Not affected | — |
| rustc-1.77 | Not affected | Not affected | Not affected | — |
| rustc-1.78 | Not affected | Not affected | Not affected | — |
| rustc-1.79 | Not affected | Not affected | Not affected | — |
| rustc-1.80 | Not affected | Not affected | Not affected | — |
| rustc-1.88 | Not in release | Not in release | — | — |
| rustc-1.81 | Not affected | Not affected | — | — |
| rustc-1.82 | Not affected | Not affected | — | — |
| rustc-1.83 | Not affected | Not affected | — | — |
| rustc-1.84 | Not affected | Not affected | — | — |
| rustc-1.85 | Not affected | Not affected | — | — |
Rust is a programming language. The fix for CVE-2024-24576, where `std::process::Command` incorrectly escaped arguments when invoking batch files on Windows, was incomplete. Prior to Rust version 1.81.0, it was possible to bypass...
2 affected packages
rustc, cargo
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rustc | Not affected | Not affected | Not affected | Not affected |
| cargo | Not in release | Not affected | Not affected | Not affected |
Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files (with the `bat` and `cmd` extensions) on...
2 affected packages
rustc, cargo
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rustc | — | Not affected | Not affected | Not affected |
| cargo | — | Not affected | Not affected | Not affected |
Some fixes available 1 of 8
Cargo downloads a Rust project’s dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by `cargo build --timings`. A...
2 affected packages
cargo, rustc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| cargo | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| rustc | Fixed | Not affected | Not affected | Not affected |
Some fixes available 6 of 11
Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If...
3 affected packages
rust-cargo, rustc, cargo
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rust-cargo | Vulnerable | Fixed | Not in release | Ignored |
| rustc | Fixed | Not affected | Not affected | Not affected |
| cargo | Not in release | Fixed | Fixed | Fixed |
Some fixes available 10 of 41
crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of `{i,u}64` was...
11 affected packages
rust-crossbeam-utils, rust-crossbeam-utils-0.7, firefox, mozjs38, librsvg...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rust-crossbeam-utils | Not affected | Vulnerable | Vulnerable | Not in release |
| rust-crossbeam-utils-0.7 | Not in release | Vulnerable | Not in release | Not in release |
| firefox | Fixed | Fixed | Not in release | Ignored |
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
| librsvg | Not affected | Not affected | Not affected | Not affected |
| mozjs78 | Not in release | Ignored | Not in release | Not in release |
| rustc | Not affected | Fixed | Fixed | Not affected |
| thunderbird | Ignored | Ignored | Not in release | Ignored |
| cargo | Not in release | Not affected | Not affected | Not affected |
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | Not in release | Not in release | Ignored | Not in release |
Some fixes available 1 of 5
Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the `std::fs::remove_dir_all` standard library...
1 affected package
rustc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rustc | Not affected | Not affected | Fixed | Not affected |
Some fixes available 2 of 5
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different...
1 affected package
rustc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rustc | Not affected | Fixed | Fixed | Not affected |
Some fixes available 2 of 8
library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based...
1 affected package
rustc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rustc | Not affected | Fixed | Fixed | Not affected |