CNNVD-202508-3481 Information

CNNVD ID

CNNVD-202508-3481

Related CVE

CVE-2025-58160

• CNNVD Published: 2025-08-29

Description (Chinese)

tracing是Tokio开源的一个应用软件。 tracing 0.3.20之前版本存在安全漏洞，该漏洞源于ANSI转义序列注入，可能导致终端操纵。

Description (English)

Tracing is an application from Tokio Open Source. There is a security loophole in the pre-tracing 0.3.20 version, which originates from the injection of ANSI conversion sequences, which may lead to terminal manipulation.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Tokio

Published

2025-08-29

Last Modified

2026-02-24

References

https://github.com/tokio-rs/tracing/security/advisories/GHSA-xwfj-jgwm-7wp5 https://vigilance.fr/vulnerability/Rust-tracing-subscriber-write-access-via-ANSI-Escape-Sequence-Injection-48140 https://nvd.nist.gov/vuln/detail/CVE-2025-58160

Patch

https://github.com/tokio-rs/tracing