Rust Language Security
execrices: rust-ctf
| ID | RUSTSEC-ID | CVE-ID | Description | Writeup |
|---|---|---|---|---|
| RUSTSEC-2022-0001 | CVE-2022-21658 | std::fs::remove_dir_allstandard library function is vulneable a race condition enabling symlink following (CWE-363). |
||
| RUSTSEC-2021-0001 | CVE-2020-26297 | XSS in mdBook's search page | mdBook搜索界面的XSS | |
| CVE-2019-1010299 | Obtain Information | None | ||
| CVE-2019-16760 | Cargo download the wrong dependency | None | ||
| CVE-2019-12083 | IOverflow | None | ||
| CVE-2018-1000810 | Integer Overflow to Buffer Overflow | None | ||
| CVE-2018-1000657 | Buffer Overflow | None | ||
| CVE-2018-1000622 | Uncontrolled Search Path Element | None | ||
| 14 | CVE-2017-20004 | MutexGuard<Cell> must not be Sync | None | |
| 13 | RUSTSEC-2017-0007 | lz4-compress is unmaintained | None | |
| 12 | RUSTSEC-2017-0006 | Unchecked vector pre-allocation | None | |
| 11 | RUSTSEC-2017-0005 | CVE-2017-18589 | Large cookie Max-Age values can cause a denial of service | None |
| 10 | RUSTSEC-2017-0004 | CVE-2017-1000430 | Integer overflow leads to heap-based buffer overflow in encode_config_buf | None |
| 9 | RUSTSEC-2017-0003 | CVE-2017-18588 | Hostname verification skipped when custom root certs used | None |
| 8 | RUSTSEC-2017-0002 | CVE-2017-18587 | headers containing newline characters can split messages | None |
| 7 | RUSTSEC-2017-0001 | CVE-2017-10001683 | scalarmult() vulnerable to degenerate public keys | None |
| 6 | RUSTSEC-2016-0006 | cassandra crate is unmaintained; use cassandra-cpp instead | None | |
| 5 | RUSTSEC-2016-0005 | rust-crypto is unmaintained; switch to a modern alternative | None | |
| 4 | RUSTSEC-2016-0004 | libusb is unmaintained; use rusb instead | None | |
| 3 | RUSTSEC-2016-0003 | CVE-2016-10933 | HTTP download and execution allows MitM RCE | None |
| 2 | RUSTSEC-2016-0002 | CVE-2016-10932 | HTTPS MitM vulnerability due to lack of hostname verification | None |
| 1 | RUSTSEC-2016-0001 | CVE-2016-10931 | SSL/TLS MitM vulnerability due to insecure defaults | None |
| 0 | CVE-2015-20001 | Panic safety violation in BinaryHeap | None |