CVE-2025-58160
Description
tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into terminal output when logged, potentially allowing attackers to manipulate terminal title bars, clear screens or modify terminal display, and potentially mislead users through terminal manipulation. tracing-subscriber version 0.3.20 fixes this vulnerability by escaping ANSI control characters when writing events to destinations that may be printed to the terminal. A workaround involves avoiding printing logs to terminal emulators without escaping ANSI control sequences.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
tracing-subscribercrates.io | < 0.3.20 | 0.3.20 |
Affected products
209- osv-coords209 versionspkg:apk/chainguard/atuinpkg:apk/chainguard/bergpkg:apk/chainguard/bootupdpkg:apk/chainguard/buck2pkg:apk/chainguard/cargo-auditpkg:apk/chainguard/cargo-audit-docpkg:apk/chainguard/cargo-cpkg:apk/chainguard/flake8-to-ruffpkg:apk/chainguard/jujutsupkg:apk/chainguard/jujutsu-docspkg:apk/chainguard/kdashpkg:apk/chainguard/libwasmtimepkg:apk/chainguard/linkerd2pkg:apk/chainguard/linkerd2-clipkg:apk/chainguard/linkerd2-cni-pluginpkg:apk/chainguard/linkerd2-cni-plugin-compatpkg:apk/chainguard/linkerd2-cni-repair-controllerpkg:apk/chainguard/linkerd2-cni-repair-controller-compatpkg:apk/chainguard/linkerd2-controllerpkg:apk/chainguard/linkerd2-controller-compatpkg:apk/chainguard/linkerd2-debugpkg:apk/chainguard/linkerd2-metrics-apipkg:apk/chainguard/linkerd2-metrics-api-compatpkg:apk/chainguard/linkerd2-policy-controllerpkg:apk/chainguard/linkerd2-policy-controller-compatpkg:apk/chainguard/linkerd2-proxypkg:apk/chainguard/linkerd2-proxy-identitypkg:apk/chainguard/linkerd2-tappkg:apk/chainguard/linkerd2-tap-compatpkg:apk/chainguard/linkerd2-webpkg:apk/chainguard/linkerd-extension-initpkg:apk/chainguard/linkerd-extension-init-compatpkg:apk/chainguard/linkerd-network-validatorpkg:apk/chainguard/mountpoint-s3pkg:apk/chainguard/mountpoint-s3-compatpkg:apk/chainguard/ntpd-rspkg:apk/chainguard/orandapkg:apk/chainguard/parseablepkg:apk/chainguard/pgcatpkg:apk/chainguard/pixipkg:apk/chainguard/pixi-compatpkg:apk/chainguard/py3.10-hf-xetpkg:apk/chainguard/py3.10-uv-buildpkg:apk/chainguard/py3.10-uv-build-binpkg:apk/chainguard/py3.11-hf-xetpkg:apk/chainguard/py3.11-uv-buildpkg:apk/chainguard/py3.11-uv-build-binpkg:apk/chainguard/py3.12-hf-xetpkg:apk/chainguard/py3.12-uv-buildpkg:apk/chainguard/py3.12-uv-build-binpkg:apk/chainguard/py3.13-hf-xetpkg:apk/chainguard/py3.13-uv-buildpkg:apk/chainguard/py3.13-uv-build-binpkg:apk/chainguard/py3-supported-hf-xetpkg:apk/chainguard/py3-supported-uv-buildpkg:apk/chainguard/py3-xet-corepkg:apk/chainguard/qdrantpkg:apk/chainguard/qdrant-oci-compatpkg:apk/chainguard/qdrant-oci-entrypointpkg:apk/chainguard/ruffpkg:apk/chainguard/ruff-python-formatterpkg:apk/chainguard/rust-analyzerpkg:apk/chainguard/rustuppkg:apk/chainguard/shadowsocks-rustpkg:apk/chainguard/shadowsocks-rust-sslocalpkg:apk/chainguard/shadowsocks-rust-ssmanagerpkg:apk/chainguard/shadowsocks-rust-ssserverpkg:apk/chainguard/shadowsocks-rust-ssservicepkg:apk/chainguard/shadowsocks-rust-ssurlpkg:apk/chainguard/topgradepkg:apk/chainguard/topgrade-bash-completionpkg:apk/chainguard/topgrade-docpkg:apk/chainguard/topgrade-fish-completionpkg:apk/chainguard/topgrade-zsh-completionpkg:apk/chainguard/uvpkg:apk/chainguard/wadmpkg:apk/chainguard/washpkg:apk/chainguard/wasmcloudpkg:apk/chainguard/wasmtimepkg:apk/chainguard/wasmtime-devpkg:apk/chainguard/yazipkg:apk/chainguard/zizmorpkg:apk/chainguard/ztunnel-1.24pkg:apk/chainguard/ztunnel-1.24-compatpkg:apk/chainguard/ztunnel-1.25pkg:apk/chainguard/ztunnel-1.25-compatpkg:apk/chainguard/ztunnel-1.26pkg:apk/chainguard/ztunnel-1.26-compatpkg:apk/chainguard/ztunnel-1.27pkg:apk/chainguard/ztunnel-1.27-compatpkg:apk/chainguard/ztunnel-fips-1.24pkg:apk/chainguard/ztunnel-fips-1.24-compatpkg:apk/chainguard/ztunnel-fips-1.25pkg:apk/chainguard/ztunnel-fips-1.25-compatpkg:apk/chainguard/ztunnel-fips-1.26pkg:apk/chainguard/ztunnel-fips-1.26-compatpkg:apk/chainguard/ztunnel-fips-1.27pkg:apk/chainguard/ztunnel-fips-1.27-compatpkg:apk/wolfi/atuinpkg:apk/wolfi/bergpkg:apk/wolfi/buck2pkg:apk/wolfi/cargo-auditpkg:apk/wolfi/cargo-audit-docpkg:apk/wolfi/cargo-cpkg:apk/wolfi/flake8-to-ruffpkg:apk/wolfi/kdashpkg:apk/wolfi/libwasmtimepkg:apk/wolfi/linkerd2pkg:apk/wolfi/linkerd2-clipkg:apk/wolfi/linkerd2-controllerpkg:apk/wolfi/linkerd2-controller-compatpkg:apk/wolfi/linkerd2-debugpkg:apk/wolfi/linkerd2-metrics-apipkg:apk/wolfi/linkerd2-metrics-api-compatpkg:apk/wolfi/linkerd2-policy-controllerpkg:apk/wolfi/linkerd2-policy-controller-compatpkg:apk/wolfi/linkerd2-proxypkg:apk/wolfi/linkerd2-proxy-identitypkg:apk/wolfi/linkerd2-tappkg:apk/wolfi/linkerd2-tap-compatpkg:apk/wolfi/linkerd2-webpkg:apk/wolfi/linkerd-extension-initpkg:apk/wolfi/linkerd-extension-init-compatpkg:apk/wolfi/linkerd-network-validatorpkg:apk/wolfi/mountpoint-s3pkg:apk/wolfi/mountpoint-s3-compatpkg:apk/wolfi/ntpd-rspkg:apk/wolfi/orandapkg:apk/wolfi/parseablepkg:apk/wolfi/pgcatpkg:apk/wolfi/pixipkg:apk/wolfi/pixi-compatpkg:apk/wolfi/py3.10-hf-xetpkg:apk/wolfi/py3.10-uv-buildpkg:apk/wolfi/py3.10-uv-build-binpkg:apk/wolfi/py3.11-hf-xetpkg:apk/wolfi/py3.11-uv-buildpkg:apk/wolfi/py3.11-uv-build-binpkg:apk/wolfi/py3.12-hf-xetpkg:apk/wolfi/py3.12-uv-buildpkg:apk/wolfi/py3.12-uv-build-binpkg:apk/wolfi/py3.13-hf-xetpkg:apk/wolfi/py3.13-uv-buildpkg:apk/wolfi/py3.13-uv-build-binpkg:apk/wolfi/py3-supported-hf-xetpkg:apk/wolfi/py3-supported-uv-buildpkg:apk/wolfi/py3-xet-corepkg:apk/wolfi/qdrantpkg:apk/wolfi/qdrant-oci-compatpkg:apk/wolfi/qdrant-oci-entrypointpkg:apk/wolfi/ruffpkg:apk/wolfi/ruff-python-formatterpkg:apk/wolfi/rust-analyzerpkg:apk/wolfi/rustuppkg:apk/wolfi/shadowsocks-rustpkg:apk/wolfi/shadowsocks-rust-sslocalpkg:apk/wolfi/shadowsocks-rust-ssmanagerpkg:apk/wolfi/shadowsocks-rust-ssserverpkg:apk/wolfi/shadowsocks-rust-ssservicepkg:apk/wolfi/shadowsocks-rust-ssurlpkg:apk/wolfi/topgradepkg:apk/wolfi/topgrade-bash-completionpkg:apk/wolfi/topgrade-docpkg:apk/wolfi/topgrade-fish-completionpkg:apk/wolfi/topgrade-zsh-completionpkg:apk/wolfi/uvpkg:apk/wolfi/wadmpkg:apk/wolfi/washpkg:apk/wolfi/wasmcloudpkg:apk/wolfi/wasmtimepkg:apk/wolfi/wasmtime-devpkg:apk/wolfi/yazipkg:apk/wolfi/zizmorpkg:apk/wolfi/ztunnel-1.24pkg:apk/wolfi/ztunnel-1.24-compatpkg:apk/wolfi/ztunnel-1.25pkg:apk/wolfi/ztunnel-1.25-compatpkg:apk/wolfi/ztunnel-1.26pkg:apk/wolfi/ztunnel-1.26-compatpkg:apk/wolfi/ztunnel-1.27pkg:apk/wolfi/ztunnel-1.27-compatpkg:cargo/tracing-subscriberpkg:rpm/opensuse/bpftop&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/cargo-audit&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/cargo-c&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cargo-c&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/cargo-packaging&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cargo-packaging&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/himmelblau&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/himmelblau&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python-maturin&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/python-maturin&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/python-maturin&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python-ruff&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python-uv&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/python-uv&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/rav1e&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/rust-bindgen&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/rustup&distro=openSUSE%20Tumbleweedpkg:rpm/suse/cargo-c&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/cargo-c&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/himmelblau&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/himmelblau&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/himmelblau&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/python-maturin&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/python-maturin&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/python-maturin&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/python-uv&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/python-uv&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0
< 18.8.0-r1+ 208 more
- (no CPE)range: < 18.8.0-r1
- (no CPE)range: < 0.4.11-r2
- (no CPE)range: < 0.2.29-r3
- (no CPE)range: < 20250401-r4
- (no CPE)range: < 0.21.2-r7
- (no CPE)range: < 0.21.2-r7
- (no CPE)range: < 0.10.15-r1
- (no CPE)range: < 0.12.11-r1
- (no CPE)range: < 0.32.0-r2
- (no CPE)range: < 0.32.0-r2
- (no CPE)range: < 0.6.2-r8
- (no CPE)range: < 36.0.2-r1
- (no CPE)range: < 25.8.5-r1
- (no CPE)range: < 25.8.5-r1
- (no CPE)range: < 1.6.4-r1
- (no CPE)range: < 1.6.4-r1
- (no CPE)range: < 1.6.4-r1
- (no CPE)range: < 1.6.4-r1
- (no CPE)range: < 25.8.5-r1
- (no CPE)range: < 25.8.5-r1
- (no CPE)range: < 25.8.5-r1
- (no CPE)range: < 25.8.5-r1
- (no CPE)range: < 25.8.5-r1
- (no CPE)range: < 25.8.5-r1
- (no CPE)range: < 25.8.5-r1
- (no CPE)range: < 2.316.0-r1
- (no CPE)range: < 25.8.5-r1
- (no CPE)range: < 25.8.5-r1
- (no CPE)range: < 25.8.5-r1
- (no CPE)range: < 25.8.5-r1
- (no CPE)range: < 0.1.7-r1
- (no CPE)range: < 0.1.7-r1
- (no CPE)range: < 0.1.4-r1
- (no CPE)range: < 1.19.0-r2
- (no CPE)range: < 1.19.0-r2
- (no CPE)range: < 1.6.2-r1
- (no CPE)range: < 0.6.5-r10
- (no CPE)range: < 2.4.2-r1
- (no CPE)range: < 1.2.0-r6
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 1.1.9-r1
- (no CPE)range: < 0.8.14-r1
- (no CPE)range: < 0.8.14-r1
- (no CPE)range: < 1.1.9-r1
- (no CPE)range: < 0.8.14-r1
- (no CPE)range: < 0.8.14-r1
- (no CPE)range: < 1.1.9-r1
- (no CPE)range: < 0.8.14-r1
- (no CPE)range: < 0.8.14-r1
- (no CPE)range: < 1.1.9-r1
- (no CPE)range: < 0.8.14-r1
- (no CPE)range: < 0.8.14-r1
- (no CPE)range: < 1.1.9-r1
- (no CPE)range: < 0.8.14-r1
- (no CPE)range: < 1.1.9-r1
- (no CPE)range: < 1.15.4-r1
- (no CPE)range: < 1.15.4-r1
- (no CPE)range: < 1.15.4-r1
- (no CPE)range: < 0.12.11-r1
- (no CPE)range: < 0.12.11-r1
- (no CPE)range: < 20250825-r1
- (no CPE)range: < 1.28.2-r2
- (no CPE)range: < 1.23.5-r3
- (no CPE)range: < 1.23.5-r3
- (no CPE)range: < 1.23.5-r3
- (no CPE)range: < 1.23.5-r3
- (no CPE)range: < 1.23.5-r3
- (no CPE)range: < 1.23.5-r3
- (no CPE)range: < 16.0.4-r3
- (no CPE)range: < 16.0.4-r3
- (no CPE)range: < 16.0.4-r3
- (no CPE)range: < 16.0.4-r3
- (no CPE)range: < 16.0.4-r3
- (no CPE)range: < 0.8.14-r1
- (no CPE)range: < 0.21.0-r4
- (no CPE)range: < 0.39.0-r5
- (no CPE)range: < 1.9.0-r1
- (no CPE)range: < 36.0.2-r1
- (no CPE)range: < 36.0.2-r1
- (no CPE)range: < 25.5.31-r3
- (no CPE)range: < 1.12.1-r1
- (no CPE)range: < 1.24.6-r3
- (no CPE)range: < 1.24.6-r3
- (no CPE)range: < 1.25.4-r2
- (no CPE)range: < 1.25.4-r2
- (no CPE)range: < 1.26.3-r1
- (no CPE)range: < 1.26.3-r1
- (no CPE)range: < 1.27.0-r1
- (no CPE)range: < 1.27.0-r1
- (no CPE)range: < 1.24.6-r2
- (no CPE)range: < 1.24.6-r2
- (no CPE)range: < 1.25.4-r2
- (no CPE)range: < 1.25.4-r2
- (no CPE)range: < 1.26.3-r3
- (no CPE)range: < 1.26.3-r3
- (no CPE)range: < 1.27.0-r2
- (no CPE)range: < 1.27.0-r2
- (no CPE)range: < 18.8.0-r1
- (no CPE)range: < 0.4.11-r2
- (no CPE)range: < 20250401-r4
- (no CPE)range: < 0.21.2-r7
- (no CPE)range: < 0.21.2-r7
- (no CPE)range: < 0.10.15-r1
- (no CPE)range: < 0.12.11-r1
- (no CPE)range: < 0.6.2-r8
- (no CPE)range: < 36.0.2-r1
- (no CPE)range: < 25.8.5-r1
- (no CPE)range: < 25.8.5-r1
- (no CPE)range: < 25.8.5-r1
- (no CPE)range: < 25.8.5-r1
- (no CPE)range: < 25.8.5-r1
- (no CPE)range: < 25.8.5-r1
- (no CPE)range: < 25.8.5-r1
- (no CPE)range: < 25.8.5-r1
- (no CPE)range: < 25.8.5-r1
- (no CPE)range: < 2.316.0-r1
- (no CPE)range: < 25.8.5-r1
- (no CPE)range: < 25.8.5-r1
- (no CPE)range: < 25.8.5-r1
- (no CPE)range: < 25.8.5-r1
- (no CPE)range: < 0.1.7-r1
- (no CPE)range: < 0.1.7-r1
- (no CPE)range: < 0.1.4-r1
- (no CPE)range: < 1.19.0-r2
- (no CPE)range: < 1.19.0-r2
- (no CPE)range: < 1.6.2-r1
- (no CPE)range: < 0.6.5-r10
- (no CPE)range: < 2.4.2-r1
- (no CPE)range: < 1.2.0-r6
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 1.1.9-r1
- (no CPE)range: < 0.8.14-r1
- (no CPE)range: < 0.8.14-r1
- (no CPE)range: < 1.1.9-r1
- (no CPE)range: < 0.8.14-r1
- (no CPE)range: < 0.8.14-r1
- (no CPE)range: < 1.1.9-r1
- (no CPE)range: < 0.8.14-r1
- (no CPE)range: < 0.8.14-r1
- (no CPE)range: < 1.1.9-r1
- (no CPE)range: < 0.8.14-r1
- (no CPE)range: < 0.8.14-r1
- (no CPE)range: < 1.1.9-r1
- (no CPE)range: < 0.8.14-r1
- (no CPE)range: < 1.1.9-r1
- (no CPE)range: < 1.15.4-r1
- (no CPE)range: < 1.15.4-r1
- (no CPE)range: < 1.15.4-r1
- (no CPE)range: < 0.12.11-r1
- (no CPE)range: < 0.12.11-r1
- (no CPE)range: < 20250825-r1
- (no CPE)range: < 1.28.2-r2
- (no CPE)range: < 1.23.5-r3
- (no CPE)range: < 1.23.5-r3
- (no CPE)range: < 1.23.5-r3
- (no CPE)range: < 1.23.5-r3
- (no CPE)range: < 1.23.5-r3
- (no CPE)range: < 1.23.5-r3
- (no CPE)range: < 16.0.4-r3
- (no CPE)range: < 16.0.4-r3
- (no CPE)range: < 16.0.4-r3
- (no CPE)range: < 16.0.4-r3
- (no CPE)range: < 16.0.4-r3
- (no CPE)range: < 0.8.14-r1
- (no CPE)range: < 0.21.0-r4
- (no CPE)range: < 0.39.0-r5
- (no CPE)range: < 1.9.0-r1
- (no CPE)range: < 36.0.2-r1
- (no CPE)range: < 36.0.2-r1
- (no CPE)range: < 25.5.31-r3
- (no CPE)range: < 1.12.1-r1
- (no CPE)range: < 1.24.6-r3
- (no CPE)range: < 1.24.6-r3
- (no CPE)range: < 1.25.4-r2
- (no CPE)range: < 1.25.4-r2
- (no CPE)range: < 1.26.3-r1
- (no CPE)range: < 1.26.3-r1
- (no CPE)range: < 1.27.0-r1
- (no CPE)range: < 1.27.0-r1
- (no CPE)range: < 0.3.20
- (no CPE)range: < 0.7.1-1.1
- (no CPE)range: < 0.21.2~git0.18e58c2-2.1
- (no CPE)range: < 0.10.15-160000.1.1
- (no CPE)range: < 0.10.3~git0.ee7d7ef-4.1
- (no CPE)range: < 1.3.0+0-150600.3.3.1
- (no CPE)range: < 1.3.0+0-2.1
- (no CPE)range: < 2.3.8+git0.dec3693-160000.1.1
- (no CPE)range: < 1.2.2+git.0.2d04bca-1.1
- (no CPE)range: < 1.4.0-150600.3.9.1
- (no CPE)range: < 1.8.7-160000.3.1
- (no CPE)range: < 1.9.4-1.1
- (no CPE)range: < 0.12.11-2.1
- (no CPE)range: < 0.7.18-160000.3.1
- (no CPE)range: < 0.8.14-2.1
- (no CPE)range: < 0.8.1-2.1
- (no CPE)range: < 0.72.0-150600.13.3.1
- (no CPE)range: < 1.28.2~0-2.1
- (no CPE)range: < 0.10.15-160000.1.1
- (no CPE)range: < 0.10.15-160000.1.1
- (no CPE)range: < 0.7.18+git.0.8485a75-150700.3.6.1
- (no CPE)range: < 2.3.8+git0.dec3693-160000.1.1
- (no CPE)range: < 2.3.8+git0.dec3693-160000.1.1
- (no CPE)range: < 1.8.7-160000.3.1
- (no CPE)range: < 1.8.7-160000.3.1
- (no CPE)range: < 1.8.7-160000.3.1
- (no CPE)range: < 0.7.18-160000.3.1
- (no CPE)range: < 0.7.18-160000.3.1
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.