Rust-Lang Rust vulnerabilities

CVE-2024-43402 [HIGH] CVE-2024-43402: Rust is a programming language. The fix for CVE-2024-24576, where `std::process::Command` incorrectl Rust is a programming language. The fix for CVE-2024-24576, where `std::process::Command` incorrectly escaped arguments when invoking batch files on Windows, was incomplete. Prior to Rust version 1.81.0, it was possible to bypass the fix when the batch file name had trailing whitespace or periods (which are ignored and stripped by Windows). To determine wheth

CVE-2024-3566 [CRITICAL] CWE-77 CVE-2024-3566: A command inject vulnerability allows an attacker to perform command injection on Windows applicatio A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.

CVE-2024-24576 [CRITICAL] CWE-78 CVE-2024-24576: Rust is a programming language. The Rust Security Response WG was notified that the Rust standard li Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files (with the `bat` and `cmd` extensions) on Windows using the `Command`. An attacker able to control the arguments passed to the spawned process could execute arbi

CVE-2023-40030 [MEDIUM] CWE-79 CVE-2023-40030: Cargo downloads a Rust project’s dependencies and compiles the project. Starting in Rust 1.60.0 and Cargo downloads a Rust project’s dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by `cargo build --timings`. A malicious package included as a dependency may inject nearly arbitrary HTML here, potentially leading to cross-site scripti

CVE-2022-21658 [HIGH] CWE-363 CVE-2022-21658: Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the `std::fs::remove_dir_all` standard library function is vulnerable a race condition enabling symlink following (CWE-363). An attacker could use this security issue to trick a

CVE-2021-29922 [CRITICAL] CVE-2021-29922: library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero chara library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation.

CVE-2021-31162 [CRITICAL] CWE-415 CVE-2021-31162: In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter functio In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics.

CVE-2020-36323 [HIGH] CWE-134 CVE-2020-36323: In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked.

CVE-2017-20004 [MEDIUM] CWE-362 CVE-2017-20004: In the standard library in Rust before 1.19.0, there is a synchronization problem in the MutexGuard In the standard library in Rust before 1.19.0, there is a synchronization problem in the MutexGuard object. MutexGuards can be used across threads with any types, allowing for memory safety issues through race conditions.

CVE-2018-25008 [MEDIUM] CWE-662 CVE-2018-25008: In the standard library in Rust before 1.29.0, there is weak synchronization in the Arc::get_mut met In the standard library in Rust before 1.29.0, there is weak synchronization in the Arc::get_mut method. This synchronization issue can be lead to memory safety issues through race conditions.

CVE-2021-28879 [CRITICAL] CWE-190 CVE-2021-28879: In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size d In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again.

CVE-2020-36318 [CRITICAL] CWE-415 CVE-2020-36318: In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the sam In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free.

CVE-2021-28877 [HIGH] CWE-119 CVE-2021-28877: In the standard library in Rust before 1.51.0, the Zip implementation calls __iterator_get_unchecked In the standard library in Rust before 1.51.0, the Zip implementation calls __iterator_get_unchecked() for the same index more than once when nested. This bug can lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.

CVE-2021-28878 [HIGH] CWE-119 CVE-2021-28878: In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same index (under certain conditions) when next_back() and next() are used together. This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.

CVE-2021-28875 [HIGH] CWE-252 CVE-2021-28875: In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow.

CVE-2020-36317 [HIGH] CWE-787 CVE-2020-36317: In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the same string.

CVE-2015-20001 [HIGH] CWE-119 CVE-2015-20001: In the standard library in Rust before 1.2.0, BinaryHeap is not panic-safe. The binary heap is left In the standard library in Rust before 1.2.0, BinaryHeap is not panic-safe. The binary heap is left in an inconsistent state when the comparison of generic elements inside sift_up or sift_down_range panics. This bug leads to a drop of zeroed memory as an arbitrary type, which can result in a memory safety violation.

CVE-2021-28876 [MEDIUM] CWE-755 CVE-2021-28876: In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It c In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked() more than once for the same index when the underlying iterator panics (in certain conditions). This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.

CVE-2019-16760 [MEDIUM] CWE-16 CVE-2019-16760: Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the `pac Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the `package` configuration key. Usage of the `package` key to rename dependencies in `Cargo.toml` is ignored in Rust 1.25.0 and prior. When Rust 1.25.0 and prior is used Cargo may download the wrong dependency, which could be squatted on crates.io to be a mal

CVE-2019-1010299 [MEDIUM] CWE-200 CVE-2019-1010299: The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vec_deque::Iter. The attack vector is: The program needs to invoke debug print