VYPR
Vendor

Rust Lang

Products
4
CVEs
20
Across products
20
Status
Private

Products

4

Recent CVEs

20
  • CVE-2024-3566CriApr 10, 2024
    risk 0.65cvss 9.8epss 0.07

    A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.

  • CVE-2018-1000810CriOct 8, 2018
    risk 0.64cvss 9.8epss 0.03

    The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in standard library that can result in buffer overflow. This attack appear to be exploitable…

  • CVE-2025-11233MedOct 1, 2025
    risk 0.41cvss epss 0.00

    Starting from Rust 1.87.0 and before Rust 1.89.0, the tier 3 Cygwin target (`x86_64-pc-cygwin`) didn't correctly handle path separators, causing the standard library's Path API to ignore path components separated by backslashes. Due to this, programs compiled for Cygwin that…

  • CVE-2026-5222MedMay 25, 2026
    risk 0.35cvss 6.5epss 0.00

    Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol. If a hosting provider allowed multiple registries to be hosted with arbitrary names within the same domain, an attacker able to publish crates in a registry…

  • CVE-2026-5223MedMay 25, 2026
    risk 0.27cvss 5.3epss 0.00

    Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry. The severity of the vulnerability is **medium** for users of third-party…

  • CVE-2024-24576Apr 9, 2024
    risk 0.06cvss epss 0.20

    Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files (with the `bat` and `cmd` extensions) on Windows using the `Command`. An attacker able to…

  • CVE-2024-43402Sep 4, 2024
    risk 0.00cvss epss 0.01

    Rust is a programming language. The fix for CVE-2024-24576, where `std::process::Command` incorrectly escaped arguments when invoking batch files on Windows, was incomplete. Prior to Rust version 1.81.0, it was possible to bypass the fix when the batch file name had trailing…

  • CVE-2022-24713Mar 8, 2022
    risk 0.00cvss epss 0.14

    regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide…

  • CVE-2022-21658Jan 20, 2022
    risk 0.00cvss epss 0.01

    Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the `std::fs::remove_dir_all` standard library function is vulnerable a race condition enabling…

  • CVE-2021-29922Aug 7, 2021
    risk 0.00cvss epss 0.03

    library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal…

  • CVE-2017-20004Apr 14, 2021
    risk 0.00cvss epss 0.01

    In the standard library in Rust before 1.19.0, there is a synchronization problem in the MutexGuard object. MutexGuards can be used across threads with any types, allowing for memory safety issues through race conditions.

  • CVE-2018-25008Apr 14, 2021
    risk 0.00cvss epss 0.01

    In the standard library in Rust before 1.29.0, there is weak synchronization in the Arc::get_mut method. This synchronization issue can be lead to memory safety issues through race conditions.

  • CVE-2021-31162Apr 14, 2021
    risk 0.00cvss epss 0.03

    In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics.

  • CVE-2020-36318Apr 11, 2021
    risk 0.00cvss epss 0.02

    In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free.

  • CVE-2021-28879Apr 11, 2021
    risk 0.00cvss epss 0.02

    In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again.

  • CVE-2021-28876Apr 11, 2021
    risk 0.00cvss epss 0.02

    In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked() more than once for the same index when the underlying iterator panics (in certain conditions). This bug could lead to a memory safety violation due…

  • CVE-2021-28878Apr 11, 2021
    risk 0.00cvss epss 0.02

    In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same index (under certain conditions) when next_back() and next() are used together. This bug could lead to a memory safety violation due to an unmet…

  • CVE-2021-28875Apr 11, 2021
    risk 0.00cvss epss 0.02

    In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow.

  • CVE-2021-28877Apr 11, 2021
    risk 0.00cvss epss 0.01

    In the standard library in Rust before 1.51.0, the Zip implementation calls __iterator_get_unchecked() for the same index more than once when nested. This bug can lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.

  • CVE-2018-1000657HigAug 20, 2018
    risk 0.00cvss 7.8epss 0.01

    Rust Programming Language Rust standard library version Commit bfa0e1f58acf1c28d500c34ed258f09ae021893e and later; stable release 1.3.0 and later contains a Buffer Overflow vulnerability in std::collections::vec_deque::VecDeque::reserve() function that can result in Arbitrary…