RUSTSEC-2026-0180

ADVISORY - rustsec

Summary

A malicious or compromised server can return a binary hstore value with an invalid internal length field, causing the client to panic while decoding it.

Applications that connect only to a trusted database are not exposed; the risk applies to clients that may connect to untrusted or user-supplied servers, or whose connection can be intercepted by a man-in-the-middle.

Common Weakness Enumeration (CWE)

Impacted images

Advisories

RustSec

CREATED

3 days ago

UPDATED

3 days ago

ADVISORY IDRUSTSEC-2026-0180⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

6.9medium