Rust

Products: 24

Recent CVEs: 8

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-1000810 | | Cri | 0.64 | 9.8 | 0.03 | | Oct 8, 2018 | The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in standard library that can result in buffer overflow. This attack appear to be exploitable… |
| CVE-2020-36318 | | Cri | 0.57 | 9.8 | 0.02 | | Apr 11, 2021 | In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free. |
| CVE-2018-1000622 | | Hig | 0.51 | 7.8 | 0.02 | | Jul 9, 2018 | The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appear to be exploitable via using the --plugin… |
| CVE-2015-20001 | | Hig | 0.42 | 7.5 | 0.01 | | Apr 11, 2021 | In the standard library in Rust before 1.2.0, BinaryHeap is not panic-safe. The binary heap is left in an inconsistent state when the comparison of generic elements inside sift_up or sift_down_range panics. This bug leads to a drop of zeroed memory as an arbitrary type, which… |
| CVE-2024-35313 | | Hig | 0.40 | 7.3 | 0.00 | | May 17, 2024 | In Tor Arti before 1.2.3, circuits sometimes incorrectly have a length of 3 (with full vanguards), aka TROVE-2024-004. |
| CVE-2024-35312 | | Med | 0.33 | 6.2 | 0.00 | | May 17, 2024 | In Tor Arti before 1.2.3, STUB circuits incorrectly have a length of 2 (with lite vanguards), aka TROVE-2024-003. |
| CVE-2025-48755 | | Low | 0.19 | 2.9 | 0.00 | | May 24, 2025 | In the spiral-rs crate 0.2.0 for Rust, allocation can be attempted for a ZST (zero-sized type). |
| CVE-2018-1000657 | | Hig | 0.00 | 7.8 | 0.01 | | Aug 20, 2018 | Rust Programming Language Rust standard library version Commit bfa0e1f58acf1c28d500c34ed258f09ae021893e and later; stable release 1.3.0 and later contains a Buffer Overflow vulnerability in std::collections::vec_deque::VecDeque::reserve() function that can result in Arbitrary… |