rpm package
opensuse/cargo-audit&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/cargo-audit&distro=openSUSE%20Tumbleweed
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-25727 | | — | | < 0.22.1~git0.efcde93-2.1 | 0.22.1~git0.efcde93-2.1 | Feb 6, 2026 | time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used |
| CVE-2025-58160 | Low | — | | < 0.21.2~git0.18e58c2-2.1 | 0.21.2~git0.18e58c2-2.1 | Aug 29, 2025 | tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be i |
| CVE-2024-12224 | | — | | < 0.21.2~git0.18e58c2-2.1 | 0.21.2~git0.18e58c2-2.1 | May 30, 2025 | Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname. |
| CVE-2025-4574 | Med | 6.5 | | < 0.21.2~git0.18e58c2-2.1 | 0.21.2~git0.18e58c2-2.1 | May 13, 2025 | In the crossbeam-channel Rust crate, the internal `Channel` type's `Drop` method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption. |
| CVE-2024-45405 | Med | 6.0 | | < 0.20.0~git66.972ac93-3.1 | 0.20.0~git66.972ac93-3.1 | Sep 6, 2024 | `gix-path` is a crate of the `gitoxide` project (an implementation of `git` written in Rust) dealing with paths and their conversions. Prior to version 0.10.11, `gix-path` runs `git` to find the path of a configuration file associated with the `git` installation, but improperly resolv |
| CVE-2022-24713 | | — | | < 0.16.0~git0.625c965-3.1 | 0.16.0~git0.625c965-3.1 | Mar 8, 2022 | regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane |