Search CVE reports
1 – 3 of 3 results
Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry. The severity of the vulnerability...
19 affected packages
cargo, rustc, rustc-1.62, rustc-1.74, rustc-1.76...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| cargo | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| rustc | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| rustc-1.62 | Not in release | Not in release | Needs evaluation | — | — |
| rustc-1.74 | Not in release | Needs evaluation | Not in release | — | — |
| rustc-1.76 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| rustc-1.77 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| rustc-1.78 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| rustc-1.79 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| rustc-1.80 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| rustc-1.81 | Not in release | Needs evaluation | Needs evaluation | — | — |
| rustc-1.82 | Not in release | Needs evaluation | Needs evaluation | — | — |
| rustc-1.83 | Not in release | Needs evaluation | Needs evaluation | — | — |
| rustc-1.84 | Not in release | Needs evaluation | Needs evaluation | — | — |
| rustc-1.85 | Not in release | Needs evaluation | Needs evaluation | — | — |
| rustc-1.88 | Not in release | Not in release | Not in release | — | — |
| rustc-1.89 | Not in release | Needs evaluation | Needs evaluation | — | — |
| rustc-1.91 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| rustc-1.92 | Needs evaluation | Not in release | Not in release | — | — |
| rustc-1.93 | Needs evaluation | Not in release | Not in release | — | — |
Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol. If a hosting provider allowed multiple registries to be hosted with arbitrary names within the same domain, an...
19 affected packages
cargo, rustc, rustc-1.62, rustc-1.74, rustc-1.76...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| cargo | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| rustc | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| rustc-1.62 | Not in release | Not in release | Needs evaluation | — | — |
| rustc-1.74 | Not in release | Needs evaluation | Not in release | — | — |
| rustc-1.76 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| rustc-1.77 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| rustc-1.78 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| rustc-1.79 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| rustc-1.80 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| rustc-1.81 | Not in release | Needs evaluation | Needs evaluation | — | — |
| rustc-1.82 | Not in release | Needs evaluation | Needs evaluation | — | — |
| rustc-1.83 | Not in release | Needs evaluation | Needs evaluation | — | — |
| rustc-1.84 | Not in release | Needs evaluation | Needs evaluation | — | — |
| rustc-1.85 | Not in release | Needs evaluation | Needs evaluation | — | — |
| rustc-1.88 | Not in release | Not in release | Not in release | — | — |
| rustc-1.89 | Not in release | Needs evaluation | Needs evaluation | — | — |
| rustc-1.91 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| rustc-1.92 | Needs evaluation | Not in release | Not in release | — | — |
| rustc-1.93 | Needs evaluation | Not in release | Not in release | — | — |
Some fixes available 34 of 53
tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpack_dir function uses fs::metadata() to check whether a path that already exists is a...
23 affected packages
cargo, rust-astral-tokio-tar, rust-async-tar, rust-cargo-c, rust-tar...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| cargo | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| rust-astral-tokio-tar | Needs evaluation | Not in release | Not in release | — | — |
| rust-async-tar | Not in release | Needs evaluation | Not in release | — | — |
| rust-cargo-c | Not affected | Needs evaluation | Not in release | — | — |
| rust-tar | Not affected | Fixed | Fixed | Needs evaluation | — |
| rustc | Not in release | Fixed | Fixed | Needs evaluation | Needs evaluation |
| rustc-1.62 | Not in release | Not in release | Fixed | — | — |
| rustc-1.74 | Not in release | Fixed | Not in release | — | — |
| rustc-1.76 | Not in release | Fixed | Fixed | Needs evaluation | — |
| rustc-1.77 | Not in release | Fixed | Fixed | Needs evaluation | — |
| rustc-1.78 | Not in release | Fixed | Fixed | Needs evaluation | — |
| rustc-1.79 | Not in release | Fixed | Fixed | Needs evaluation | — |
| rustc-1.80 | Not in release | Fixed | Fixed | Needs evaluation | — |
| rustc-1.81 | Not in release | Fixed | Fixed | — | — |
| rustc-1.82 | Not in release | Fixed | Fixed | — | — |
| rustc-1.83 | Not in release | Fixed | Fixed | — | — |
| rustc-1.84 | Not in release | Fixed | Fixed | — | — |
| rustc-1.85 | Not in release | Fixed | Fixed | — | — |
| rustc-1.88 | Not in release | Not in release | Not in release | — | — |
| rustc-1.89 | Not in release | Fixed | Fixed | — | — |
| rustc-1.91 | Not affected | Fixed | Fixed | — | — |
| rustc-1.92 | Not affected | Not in release | Not in release | — | — |
| rustc-1.93 | Not affected | Not in release | Not in release | — | — |