Browse all 10 CVE security advisories affecting rust-lang. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Rust serves as a systems programming language focused on memory safety without garbage collection, commonly used for performance-critical applications like operating systems and browsers. Historically, it has faced vulnerabilities including remote code execution, use-after-free, and integer overflow issues, though memory safety features reduce certain classes of bugs. The language's design prevents entire categories of memory-related vulnerabilities, but 10 CVEs indicate potential risks in unsafe code blocks and third-party dependencies. Notable incidents include vulnerabilities in the standard library and ecosystem crates, though no major widespread breaches have been documented. Rust's security model prioritizes preventing memory corruption, though developers must still carefully audit unsafe code and dependencies.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-43402 | Rust OS Command Injection/Argument Injection vulnerability — rustCWE-78 | 8.2 | High | 2024-09-04 |
| CVE-2024-24576 | Rusts's `std::process::Command` did not properly escape arguments of batch files on Windows — rustCWE-78 | 10.0 | Critical | 2024-04-09 |
| CVE-2022-21658 | Race condition in std::fs::remove_dir_all in rustlang — rustCWE-363 | 7.3 | High | 2022-01-20 |
This page lists every published CVE security advisory associated with rust-lang. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.