Known Vulnerabilities for products from Rust-lang
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Rust-lang".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-49092 json | | 5.9 - MEDIUM | 2023-11-28 | 2023-12-06 |
| CVE-2023-40030 json | Cargo downloads a Rust project’s dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo di... | 6.1 - MEDIUM | 2023-08-24 | 2023-08-31 |
| CVE-2023-38497 json | Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust ... | 7.3 - HIGH | 2023-08-04 | 2023-08-17 |
| CVE-2022-46176 json | Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verificat... | 5.9 - MEDIUM | 2023-01-11 | 2023-11-07 |
| CVE-2022-36114 json | Cargo is a package manager for the rust programming language. It was discovered that Cargo did not limit the amount of data e... | 6.5 - MEDIUM | 2022-09-14 | 2023-08-14 |
| CVE-2022-36113 json | Cargo is a package manager for the rust programming language. After a package is downloaded, Cargo extracts its source code i... | 8.1 - HIGH | 2022-09-14 | 2023-08-14 |
| CVE-2022-24713 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-03-08 | 2023-11-07 |
| CVE-2022-21658 json | Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurren... | 6.3 - MEDIUM | 2022-01-20 | 2023-11-07 |
| CVE-2021-31162 json | In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element ... | 9.8 - CRITICAL | 2021-04-14 | 2023-11-07 |
| CVE-2021-29922 json | library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of... | 9.1 - CRITICAL | 2021-08-07 | 2022-11-07 |
| CVE-2021-28879 json | In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow... | 9.8 - CRITICAL | 2021-04-11 | 2023-11-07 |
| CVE-2021-28878 json | In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the... | 7.5 - HIGH | 2021-04-11 | 2023-11-07 |
| CVE-2021-28877 json | In the standard library in Rust before 1.51.0, the Zip implementation calls __iterator_get_unchecked() for the same index mor... | 7.5 - HIGH | 2021-04-11 | 2022-11-03 |
| CVE-2021-28876 json | In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unche... | 5.3 - MEDIUM | 2021-04-11 | 2023-11-07 |
| CVE-2021-28875 json | In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe contex... | 7.5 - HIGH | 2021-04-11 | 2022-11-03 |
| CVE-2020-36323 json | In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized byte... | 8.2 - HIGH | 2021-04-14 | 2023-11-07 |
| CVE-2020-36318 json | In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once ... | 9.8 - CRITICAL | 2021-04-11 | 2021-04-26 |
| CVE-2020-36317 json | In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a ... | 7.5 - HIGH | 2021-04-11 | 2022-06-28 |
| CVE-2020-36202 json | An issue was discovered in the async-h1 crate before 2.3.0 for Rust. Request smuggling can occur when used behind a reverse p... | 6.1 - MEDIUM | 2021-01-26 | 2021-02-10 |
| CVE-2020-35920 json | An issue was discovered in the socket2 crate before 0.3.16 for Rust. It has false expectations about the std::net::SocketAddr... | 5.5 - MEDIUM | 2020-12-31 | 2021-01-06 |
Known software with vulnerabilities from Rust-lang
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Rust-lang | Async-h1 | - |
| Application | Rust-lang | Future-utils | - |
| Application | Rust-lang | Futures-task | - |
| Application | Rust-lang | Mdbook | - |
| Application | Rust-lang | Rust | 0.1 |
| Application | Rust-lang | Socket2 | - |