Search CVE reports
1 – 10 of 11 results
Rust is a programming language. The fix for CVE-2024-24576, where `std::process::Command` incorrectly escaped arguments when invoking batch files on Windows, was incomplete. Prior to Rust version 1.81.0, it was possible to bypass...
2 affected packages
rustc, cargo
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rustc | Not affected | Not affected | Not affected | Not affected |
| cargo | Not in release | Not affected | Not affected | Not affected |
Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files (with the `bat` and `cmd` extensions) on...
2 affected packages
rustc, cargo
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rustc | — | Not affected | Not affected | Not affected |
| cargo | — | Not affected | Not affected | Not affected |
Some fixes available 1 of 8
Cargo downloads a Rust project’s dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by `cargo build --timings`. A...
2 affected packages
cargo, rustc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| cargo | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| rustc | Fixed | Not affected | Not affected | Not affected |
Some fixes available 6 of 11
Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If...
3 affected packages
rust-cargo, rustc, cargo
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rust-cargo | Vulnerable | Fixed | Not in release | Ignored |
| rustc | Fixed | Not affected | Not affected | Not affected |
| cargo | Not in release | Fixed | Fixed | Fixed |
Some fixes available 4 of 8
Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to...
2 affected packages
cargo, rust-cargo
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| cargo | Not in release | Fixed | Fixed | Vulnerable |
| rust-cargo | Not affected | Vulnerable | Not in release | Not in release |
Some fixes available 3 of 6
Cargo is a package manager for the rust programming language. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. An attacker could upload to an alternate registry a specially crafted...
1 affected package
cargo
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| cargo | Not in release | Fixed | Fixed | Vulnerable |
Some fixes available 3 of 6
Cargo is a package manager for the rust programming language. After a package is downloaded, Cargo extracts its source code in the ~/.cargo folder on disk, making it available to the Rust projects it builds. To record when an...
1 affected package
cargo
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| cargo | Not in release | Fixed | Fixed | Vulnerable |
Some fixes available 9 of 39
crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of `{i,u}64` was...
11 affected packages
rust-crossbeam-utils, rust-crossbeam-utils-0.7, firefox, mozjs38, librsvg...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rust-crossbeam-utils | Not affected | Vulnerable | Vulnerable | Not in release |
| rust-crossbeam-utils-0.7 | Not in release | Vulnerable | Not in release | Not in release |
| firefox | Fixed | Fixed | Not in release | Ignored |
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
| librsvg | Not affected | Not affected | Not affected | Not affected |
| mozjs78 | Not in release | Ignored | Not in release | Not in release |
| rustc | Not affected | Fixed | Fixed | Not affected |
| thunderbird | Ignored | Ignored | Not in release | Ignored |
| cargo | Not in release | Not affected | Not affected | Not affected |
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | Not in release | Not in release | Ignored | Not in release |
NULL Pointer Dereference in Homebrew mruby prior to 3.2.
5 affected packages
h2o, cargo, groonga, mruby, nghttp2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| h2o | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| cargo | Not in release | Not affected | Not affected | Not affected |
| groonga | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| mruby | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| nghttp2 | Not affected | Not affected | Not affected | Not affected |
mruby is vulnerable to NULL Pointer Dereference
5 affected packages
cargo, groonga, h2o, mruby, nghttp2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| cargo | Not in release | Not affected | Not affected | Not affected |
| groonga | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| h2o | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| mruby | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| nghttp2 | Not affected | Not affected | Not affected | Not affected |