2018

  • RUSTSEC-2018-0007: trust-dns-proto: Stack overflow when parsing malicious DNS packet

  • RUSTSEC-2018-0006: yaml-rust: Uncontrolled recursion leads to abort in deserialization

  • RUSTSEC-2018-0005: serde_yaml: Uncontrolled recursion leads to abort in deserialization

  • RUSTSEC-2018-0004: claxon: Malicious input could cause uninitialized memory to be exposed

  • RUSTSEC-2018-0003: smallvec: Possible double free during unwinding in SmallVec::insert_many

  • RUSTSEC-2018-0002: tar: Links in archives can overwrite any existing file

  • RUSTSEC-2018-0001: untrusted: An integer underflow could lead to panic

2017

  • RUSTSEC-2017-0005: cookie: Large cookie Max-Age values can cause a denial of service

  • RUSTSEC-2017-0004: base64: Integer overflow leads to heap-based buffer overflow in encode_config_buf

  • RUSTSEC-2017-0003: security-framework: Hostname verification skipped when custom root certs used

  • RUSTSEC-2017-0001: sodiumoxide: scalarmult() vulnerable to degenerate public keys

  • RUSTSEC-2017-0002: hyper: headers containing newline characters can split messages

2016

  • RUSTSEC-2016-0001: openssl: SSL/TLS MitM vulnerability due to insecure defaults

  • RUSTSEC-2016-0002: hyper: HTTPS MitM vulnerability due to lack of hostname verification