222 matches found
CVE-2022-29185 Observable Timing Discrepancy in totp-rs
totp-rs is a Rust library that permits the creation of 2FA authentification tokens per time-based one-time password TOTP. Prior to version 1.1.0, token comparison was not constant time, and could theorically be used to guess value of an TOTP token, and thus reuse it in the same time window. The...
CVE-2022-29185
CVE-2022-29185 affects the Rust library totp-rs. Prior to version 1.1.0, token comparison was not constant time, which could theoretically allow guessing a TOTP token value and reusing it within the same time window, assuming the attacker knew the password. Patch 1.1.0 introduces a constant-time ...
CVE-2022-29185 Observable Timing Discrepancy in totp-rs
totp-rs is a Rust library that permits the creation of 2FA authentification tokens per time-based one-time password TOTP. Prior to version 1.1.0, token comparison was not constant time, and could theorically be used to guess value of an TOTP token, and thus reuse it in the same time window. The...
BeerHolderBot (>=0.1.0 <=0.3.6), GetPDB (>=0.1.0 <=1.0.1) +5225 more potentially affected by unknown CVE via hyper (>=0.0.1 <=0.14.11)
hyper CARGO version =0.0.1, =0.1.0, =0.1.0, =0.0.2, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =0.1.0, =0.1.0, =0.0.1, =0.0.7-alpha.3, =0.2.0-alpha.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2022-0022...
ably (=0.1.0), acid-store (>=0.1.0 <=0.13.0) +416 more potentially affected by unknown CVE via rmp-serde (>=0.14.4 <=0.15.5)
rmp-serde CARGO version =0.14.4, =0.1.0, =0.4.3, =0.1.0, =0.8.0, =0.0.1, =0.0.2, =1.1.0, =1.0.1, =0.2.0, =0.3.0 - algonautcore =0.3.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2022-0092...
The vulnerability of the Rust stack generator library “Generator-rs” lies in improper type conversion, which allows attackers to trigger a service failure.
The vulnerability of the Rust generator library, Generator-rs, is related to the lack of restrictions on the use of types that are not of the Send type. Exploiting this vulnerability allows a remote attacker to cause a service failure...
GHSA-P4CR-64X4-F92F Use of Uninitialized Resource in acc_reader.
An issue was discovered in the accreader crate through 2020-12-27 for Rust. fillbuf may read from uninitialized memory locations...
GHSA-V2CH-FC8F-QM33 Use of Uninitialized Resource in bite.
An issue was discovered in the bite crate through 2020-12-31 for Rust. read::BiteReadExpandedExt::readframedmax may read from uninitialized memory locations...
GHSA-2RXC-8F9W-FJQ8 Window may read from uninitialized memory locations in rdiff
An issue was discovered in the rdiff crate through version 0.1.2 for Rust. Window may read from uninitialized memory locations...
Unspecified vulnerability exists in Rust acc_reader crate (CNVD-2022-04013)
Rust accreader crate is a structure that provides an AccReader that wraps an arbitrary instance of std::io::Read and provides an implementation of std::io::Seek for it. Readupto can read data from an uninitialized memory location. No details of the vulnerability are currently available...
CVE-2021-45711
An issue was discovered in the simpleasn1 crate 0.6.0 before 0.6.1 for Rust. There is a panic if UTCTime data, supplied by a remote attacker, has a second character greater than 0x7f...
CVE-2021-45694
An issue was discovered in the rdiff crate through 2021-02-03 for Rust. Window may read from uninitialized memory locations...
CVE-2021-45700
An issue was discovered in the ckb crate before 0.40.0 for Rust. Attackers can cause a denial of service Nervos CKB blockchain node crash via a dead call that is used as a DepGroup...
CVE-2021-45701
An issue was discovered in the tremor-script crate before 0.11.6 for Rust. A patch operation may result in a use-after-free...
CVE-2021-45687
An issue was discovered in the raw-cpuid crate before 9.1.1 for Rust. If the serialize feature is used which is not the the default, a Deserialize operation may lack sufficient validation, leading to memory corruption or a panic...
CVE-2021-45689
An issue was discovered in the gfx-auxil crate through 2021-01-07 for Rust. gfxauxil::readspirv may read from uninitialized memory locations...
CVE-2021-45702
An issue was discovered in the tremor-script crate before 0.11.6 for Rust. A merge operation may result in a use-after-free...
CVE-2021-45682
An issue was discovered in the bronzedb-protocol crate through 2021-01-03 for Rust. ReadKVExt may read from uninitialized memory locations...
[SECURITY] Fedora 34 Update: rust-tiny_http0.6-0.6.4-1.fc34
Low level HTTP server library...
Wrong type for `Linker`-define functions when used across two `Engine`s
Impact As a Rust library the wasmtime crate clearly marks which functions are safe and which are unsafe, guaranteeing that if consumers never use unsafe then it should not be possible to have memory unsafety issues in their embeddings of Wasmtime. An issue was discovered in the safe API of...