6 matches found
diesel-async may expose uninitialized padding bytes for MySQL temporal columns
Summary diesel-async exposes uninitialized stack padding to safe code on every read of a MySQL DATE, TIME, DATETIME, or TIMESTAMP column. Reading that buffer is undefined behavior, and the leaked bytes can contain stale heap/stack contents, so this is both a soundness bug and a potential...
GHSA-FF9Q-RM55-Q7QR diesel-async may expose uninitialized padding bytes for MySQL temporal columns
Summary diesel-async exposes uninitialized stack padding to safe code on every read of a MySQL DATE, TIME, DATETIME, or TIMESTAMP column. Reading that buffer is undefined behavior, and the leaked bytes can contain stale heap/stack contents, so this is both a soundness bug and a potential...
armature-diesel (=0.1.0), authzen-diesel (=0.1.0-alpha.0) +12 more potentially affected by unknown CVE via diesel-async (>=0.1.1 <=0.5.2)
diesel-async CARGO version =0.1.1, =0.1.0, =0.17.0, =0.17.0, =0.17.0, =0.11.0, =0.0.1, =0.0.2 Source cves: unknown CVE Source advisory: OSV:GHSA-FF9Q-RM55-Q7QR...
RUSTSEC-2026-0138 Unsound access to padding bytes while serializing date/time values using the Mysql backend
Diesel-async uses the mysql-async crate for interacting with Mysql compatible databases. This library already provides access to deserialized data for date/time releated types. Diesel-async then translated these deserialized data back to their serialized binary representation to hook into diesels...
armature-diesel (=0.1.0), authzen-diesel (=0.1.0-alpha.0) +12 more potentially affected by unknown CVE via diesel-async (>=0.1.1 <=0.5.2)
diesel-async CARGO version =0.1.1, =0.1.0, =0.17.0, =0.17.0, =0.17.0, =0.11.0, =0.0.1, =0.0.2 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0138...
Unsound access to padding bytes while serializing date/time values using the Mysql backend
Diesel-async uses the mysql-async crate for interacting with Mysql compatible databases. This library already provides access to deserialized data for date/time releated types. Diesel-async then translated these deserialized data back to their serialized binary representation to hook into diesels...