Debian Rustc vulnerabilities
25 known vulnerabilities affecting debian/rustc.
Total CVEs: 25
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 10, MEDIUM 5, LOW 5
Vulnerabilities
Page 1 of 2
CVE-2026-33055 | rust-tar | HIGH | CVSS 8.1 [HIGH] | fixed in rust-tar 0.4.45-1 (forky) | 2026
tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size headers in the case where it was different from the base header. This is almost the i
CVE-2026-33056 | rust-tar | MEDIUM | CVSS 5.1 [MEDIUM] | fixed in rust-tar 0.4.45-1 (forky) | 2026
tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpack_dir function uses fs::metadata() to check whether a path that already exists is a directory. Because fs::metadata() follows symbolic links, a crafted tarball containing a symlink entry followed by a directory entry with the
CVE-2025-11233 | rustc | LOW | CVSS 6.3 [MEDIUM] | fixed in rustc 1.89.0+dfsg1-1 (forky) | 2025
Starting from Rust 1.87.0 and before Rust 1.89.0, the tier 3 Cygwin target (`x86_64-pc-cygwin`) didn't correctly handle path separators, causing the standard library's Path API to ignore path components separated by backslashes. Due to this, programs compiled for Cygwin that validate paths could misbehave, potentially allowing path traversal attacks or malicious fil
CVE-2024-24576 | rustc | LOW | CVSS 10.0 [CRITICAL] | 2024
Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files (with the `bat` and `cmd` extensions) on Windows using the `Command`. An attacker able to control the arguments passed to the spawned process could execute arbitrary shell comm
CVE-2024-43402 | rustc | LOW | CVSS 10.0 [CRITICAL] | 2024
Rust is a programming language. The fix for CVE-2024-24576, where `std::process::Command` incorrectly escaped arguments when invoking batch files on Windows, was incomplete. Prior to Rust version 1.81.0, it was possible to bypass the fix when the batch file name had trailing whitespace or periods (which are ignored and stripped by Windows). To determine whether to
CVE-2022-21658 | rustc | HIGH | CVSS 7.3 [HIGH] | fixed in rustc 1.57.0+dfsg1-1 (bookworm) | 2022
Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the `std::fs::remove_dir_all` standard library function is vulnerable to a race condition enabling symlink following (CWE-363). An attacker could use this security issue to trick a privileged prog
CVE-2021-29922 | rustc | CRITICAL | CVSS 9.1 [CRITICAL] | fixed in rustc 1.53.0+dfsg1-1 (bookworm) | 2021
library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation.
Scope: local
bookworm: resolved (fixed in 1.53.0+dfsg1-1)
bullseye: open
f
CVE-2021-31162 | rustc | CRITICAL | CVSS 9.8 [CRITICAL] | fixed in rustc 1.53.0+dfsg1-1 (bookworm) | 2021
In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics.
Scope: local
bookworm: resolved (fixed in 1.53.0+dfsg1-1)
bullseye: open
forky: resolved (fixed in 1.53.0+dfsg1-1)
sid: resolved (fixed in 1.53.0+dfsg1-1)
trixie: resolved (fixed in 1.53.0+dfsg1-1)
CVE-2021-28879 | rustc | CRITICAL | CVSS 9.8 [CRITICAL] | fixed in rustc 1.53.0+dfsg1-1 (bookworm) | 2021
In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again.
Scope: local
bookworm: resolved (fixed in 1.53.0+dfsg1-1)
bullseye: open
forky: resolved (fixed in 1.53.0+dfsg1-1)
sid: resolved (fixed in 1.53.0+dfsg1-1)
t
CVE-2021-28877 | rustc | HIGH | CVSS 7.5 [HIGH] | fixed in rustc 1.53.0+dfsg1-1 (bookworm) | 2021
In the standard library in Rust before 1.51.0, the Zip implementation calls __iterator_get_unchecked() for the same index more than once when nested. This bug can lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.
Scope: local
bookworm: resolved (fixed in 1.53.0+dfsg1-1)
bullseye: open
forky: resolved (fixed in 1.53
CVE-2021-28875 | rustc | HIGH | CVSS 7.5 [HIGH] | fixed in rustc 1.53.0+dfsg1-1 (bookworm) | 2021
In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow.
Scope: local
bookworm: resolved (fixed in 1.53.0+dfsg1-1)
bullseye: open
forky: resolved (fixed in 1.53.0+dfsg1-1)
sid: resolved (fixed in 1.53.0+dfsg1-1)
trixie: resolved (fixed in 1.53.0+dfsg1-1)
CVE-2021-28878 | rustc | HIGH | CVSS 7.5 [HIGH] | fixed in rustc 1.53.0+dfsg1-1 (bookworm) | 2021
In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same index (under certain conditions) when next_back() and next() are used together. This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.
Scope: local
bookworm: resolved (fixed i
CVE-2021-28876 | rustc | MEDIUM | CVSS 5.3 [MEDIUM] | fixed in rustc 1.53.0+dfsg1-1 (bookworm) | 2021
In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked() more than once for the same index when the underlying iterator panics (in certain conditions). This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.
Scope: local
bookworm:
CVE-2021-42574 | rustc | LOW | CVSS 8.3 [HIGH] | fixed in rustc 1.57.0+dfsg1-1 (bookworm) | 2021
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for co
CVE-2020-36318 | rustc | CRITICAL | CVSS 9.8 [CRITICAL] | fixed in rustc 1.53.0+dfsg1-1 (bookworm) | 2020
In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain conditions. This bug could result in a use-after-free or double free.
Scope: local
bookworm: resolved (fixed in 1.53.0+dfsg1-1)
bullseye: open
forky: resolved (fixed in 1.53.0+dfsg1-1)
sid: resolved (fixed in 1.53.0+dfsg1-1)
tri
CVE-2020-36323 | rustc | HIGH | CVSS 8.2 [HIGH] | fixed in rustc 1.53.0+dfsg1-1 (bookworm) | 2020
In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked.
Scope: local
bookworm: resolved (fixed in 1.53.0+dfsg1-1)
bullseye: open
forky: resolved (fixed in 1.53.0+dfsg1-1)
sid: resolved (fixed in 1.53
CVE-2020-36317 | rustc | HIGH | CVSS 7.5 [HIGH] | fixed in rustc 1.53.0+dfsg1-1 (bookworm) | 2020
In the standard library in Rust before 1.49.0, the String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the same string.
Scope: local
bookworm: resolved (fixed in 1.53.0+dfsg1-1)
bu
CVE-2019-1010299 | rustc | MEDIUM | CVSS 5.3 [MEDIUM] | fixed in rustc 1.30.0+dfsg1-1 (bookworm) | 2019
The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vec_deque::Iter. The attack vector is: The program needs to invoke debug printing for iterator
CVE-2019-12083 | rustc | LOW | CVSS 8.1 [HIGH] | 2019
The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate Rust's safety guarantees and cause memory unsafety. If the `Error::type_id` method is overridden then any type can be safely cast to any other type, causing memory safety vulnerabilities in safe code (e.g., out-of-bounds write or read). Co
CVE-2018-1000810 | rustc | CRITICAL | CVSS 9.8 [CRITICAL] | fixed in rustc 1.30.0+dfsg1-1 (bookworm) | 2018
The Rust Programming Language Standard Library versions 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contain a CWE-680: Integer Overflow to Buffer Overflow vulnerability in the standard library that can result in a buffer overflow. This attack appears to be exploitable via str::repeat, which, when passed a large number, can overflow an internal buffer. This vulnera