Rust
Monthly
Rust Yamux prior to version 0.13.10 is vulnerable to denial of service when processing specially crafted inbound stream frames that combine the SYN flag with oversized body lengths, causing the connection handler to panic due to improper state cleanup. An unauthenticated remote attacker can trigger this panic over any normal Yamux session without special privileges, crashing affected applications. No patch is currently available for this high-severity vulnerability.
Integer overflow in Rust's Yamux implementation allows unauthenticated remote attackers to crash target nodes by sending specially crafted WindowUpdate frames that trigger arithmetic overflow in stream send-window accounting. An attacker can establish a Yamux session and transmit malicious frames without authentication, causing a panic in the connection state machine and resulting in denial of service. A patch is available to address this high-severity vulnerability.
Privilege escalation vulnerability in the Rust 'users' crate that incorrectly includes the root group in access control lists when a user or process has fewer than 1024 groups. An authenticated local attacker with low privileges can exploit this flaw to gain unauthorized access to resources restricted to the root group, achieving privilege escalation. The vulnerability requires local access and existing user privileges but has high impact on confidentiality and integrity.
Double-free vulnerability in crossbeam-channel Rust crate's Channel Drop implementation allows memory corruption via a race condition during cleanup, affecting remote network applications that depend on this widely-used concurrency library. The vulnerability requires no authentication or user interaction and can be triggered by unauthenticated remote attackers in networked Rust applications using vulnerable versions. No public exploit code has been identified at the time of analysis, though the issue presents a moderate real-world risk due to the library's prevalence in production Rust ecosystems and the EPSS score of 0.38% indicating low exploitation likelihood.
Command injection via Windows CreateProcess argument parsing affects multiple language runtimes and tooling (Node.js, PHP, Rust, Haskell process library, yt-dlp) that wrap the API without compensating for its quirks. Remote attackers can smuggle additional commands through arguments passed to child processes when applications spawn batch files or otherwise rely on CreateProcess's implicit cmd.exe handling. Publicly available exploit code exists and EPSS of 7.09% (92nd percentile) signals elevated, though not confirmed in-the-wild, exploitation interest; this CVE is not listed in CISA KEV.
Rust Yamux prior to version 0.13.10 is vulnerable to denial of service when processing specially crafted inbound stream frames that combine the SYN flag with oversized body lengths, causing the connection handler to panic due to improper state cleanup. An unauthenticated remote attacker can trigger this panic over any normal Yamux session without special privileges, crashing affected applications. No patch is currently available for this high-severity vulnerability.
Integer overflow in Rust's Yamux implementation allows unauthenticated remote attackers to crash target nodes by sending specially crafted WindowUpdate frames that trigger arithmetic overflow in stream send-window accounting. An attacker can establish a Yamux session and transmit malicious frames without authentication, causing a panic in the connection state machine and resulting in denial of service. A patch is available to address this high-severity vulnerability.
Privilege escalation vulnerability in the Rust 'users' crate that incorrectly includes the root group in access control lists when a user or process has fewer than 1024 groups. An authenticated local attacker with low privileges can exploit this flaw to gain unauthorized access to resources restricted to the root group, achieving privilege escalation. The vulnerability requires local access and existing user privileges but has high impact on confidentiality and integrity.
Double-free vulnerability in crossbeam-channel Rust crate's Channel Drop implementation allows memory corruption via a race condition during cleanup, affecting remote network applications that depend on this widely-used concurrency library. The vulnerability requires no authentication or user interaction and can be triggered by unauthenticated remote attackers in networked Rust applications using vulnerable versions. No public exploit code has been identified at the time of analysis, though the issue presents a moderate real-world risk due to the library's prevalence in production Rust ecosystems and the EPSS score of 0.38% indicating low exploitation likelihood.
Command injection via Windows CreateProcess argument parsing affects multiple language runtimes and tooling (Node.js, PHP, Rust, Haskell process library, yt-dlp) that wrap the API without compensating for its quirks. Remote attackers can smuggle additional commands through arguments passed to child processes when applications spawn batch files or otherwise rely on CreateProcess's implicit cmd.exe handling. Publicly available exploit code exists and EPSS of 7.09% (92nd percentile) signals elevated, though not confirmed in-the-wild, exploitation interest; this CVE is not listed in CISA KEV.