
rust lang rust

24 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-43402
< 1.81.0
Rust is a programming language. The fix for CVE-2024-24576, where std::process::Command incorrectly escaped arguments when invok
8.1 HIGH
CVE-2024-3566
< 1.77.2
A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on t
9.8 CRITICAL
CVE-2024-24576
< 1.77.2
Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2
10.0 CRITICAL
CVE-2023-40030
>= 1.60.0 and < 1.72.0
Cargo downloads a Rust project’s dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not
6.1 MEDIUM
CVE-2022-21658
>= 1.0.0 and <= 1.58.0
Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. T
7.3 HIGH
CVE-2021-29922
< 1.53.0
library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an I
9.1 CRITICAL
CVE-2021-31162
>= 1.48.0 and < 1.52.0
In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panic
9.8 CRITICAL
CVE-2020-36323
< 1.52.0
In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to
8.2 HIGH
CVE-2018-25008
< 1.29.0
In the standard library in Rust before 1.29.0, there is weak synchronization in the Arc::get_mut method. This synchronization issu
5.9 MEDIUM
CVE-2017-20004
< 1.19.0
In the standard library in Rust before 1.19.0, there is a synchronization problem in the MutexGuard object. MutexGuards can be use
5.9 MEDIUM
CVE-2021-28879
< 1.52.0
In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. Thi
9.8 CRITICAL
CVE-2021-28878
< 1.52.0
In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same
7.5 HIGH
CVE-2021-28877
< 1.51.0
In the standard library in Rust before 1.51.0, the Zip implementation calls __iterator_get_unchecked() for the same index more tha
7.5 HIGH
CVE-2021-28876
< 1.52.0
In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked(
5.3 MEDIUM
CVE-2021-28875
< 1.50.0
In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. Th
7.5 HIGH
CVE-2020-36318
>= 1.48.0 and < 1.49.0
In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under
9.8 CRITICAL
CVE-2020-36317
< 1.49.0
In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-U
7.5 HIGH
CVE-2015-20001
< 1.2.0
In the standard library in Rust before 1.2.0, BinaryHeap is not panic-safe. The binary heap is left in an inconsistent state when
7.5 HIGH
CVE-2019-16760
< 1.26.0
Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the package configuration key. Usage
4.6 MEDIUM
CVE-2019-1010299
>= 1.18.0 and < 1.30.0
The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Cont
5.3 MEDIUM
CVE-2019-12083
>= 1.34.0 and < 1.34.2
The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate
8.1 HIGH
CVE-2018-1000810
all versions
The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contains a CWE-6
9.8 CRITICAL
CVE-2018-1000657
>= 1.3.0 and < 1.22.0
Rust Programming Language Rust standard library version Commit bfa0e1f58acf1c28d500c34ed258f09ae021893e and later; stable release
7.8 HIGH
CVE-2018-1000622
>= 0.8 and <= 1.27.0
The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerab
7.8 HIGH
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin