Vulnerability Database
296,760
Total vulnerabilities in the database
Rust XCB `xcb::Connection::connect_to_fd*` functions violate I/O safety
The API of xcb::Connection has constructors which allow an arbitrary RawFd to be used as a socket connection. On either failure of these constructors or on the drop of Connection, it closes the associated file descriptor. Thus, a program which uses an OwnedFd (such as a UnixStream) as the file descriptor can close the file descriptor and continue to attempt using it or close an already-closed file descriptor, violating I/O safety.
Starting in version 1.6.0, xcb provides Connection::connect_with_fd and Connection::connect_with_fd_and_extensions as safe alternatives and deprecates the problematic functions.
| Software | From | Fixed in |
|---|---|---|
xcb
|
- | 1.6.0 |
- https://github.com/rust-x-bindings/rust-xcb/commit/da830976870c1174e3b33eb0643177be3991c002
- https://github.com/rust-x-bindings/rust-xcb/issues/167
- https://github.com/rust-x-bindings/rust-xcb/issues/282
- https://github.com/rust-x-bindings/rust-xcb/pull/283
- https://github.com/rustsec/advisory-db/pull/2355
- https://rustsec.org/advisories/RUSTSEC-2025-0051.html
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime