9529 matches found
CVE-2023-53156
The transpose crate before 0.2.3 for Rust allows an integer overflow via input_width and input_height arguments...
CVE-2024-58264
The serde-json-wasm crate before 1.0.1 for Rust allows stack consumption via deeply nested JSON data...
CVE-2024-58264
The CVE-2024-58264 entry concerns the Rust crate serde-json-wasm prior to 1.0.1, where deeply nested JSON data can cause stack consumption/overflow. Reported impacts include potential denial of service via stack exhaustion; some sources describe the issue as a stack overflow during recursive JSON...
CVE-2024-58265
The snow crate before 0.9.5 for Rust, when stateful TransportState is used, allows incrementing a nonce and thereby denying message delivery...
CVE-2024-58261
The sequoia-openpgp crate 1.13.0 before 1.21.0 for Rust allows an infinite loop of "Reading a cert: Invalid operation: Not a Key packet" messages for RawCertParser operations that encounter an unsupported primary key type...
CVE-2024-58263
The cosmwasm-std crate before 2.0.2 for Rust allows integer overflows that cause incorrect contract calculations...
CVE-2024-58263
CVE-2024-58263 concerns the cosmwasm-std crate prior to version 2.0.2 for Rust, which allows integer overflows that can lead to incorrect contract calculations. The vulnerability stems from wrapping arithmetic used in core operations, potentially causing miscalculations in smart contracts that re...
snow crate security vulnerability
snow crate is a Rust implementation of the Noise Protocol Framework by the individual developer Jake McGinty. A security vulnerability exists in snow crate versions prior to 0.9.5, which stems from the use of stateful TransportState that can lead to message delivery rejection...
CVE-2024-58262
The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is removed by LLVM...
CVE-2023-53157
CVE-2023-53157 affects the Rosenpass crate for Rust; versions before 0.2.1 are vulnerable. A crafted single-byte UDP packet can trigger a panic, enabling remote attackers to cause a denial of service. The available connected and primary sources consistently describe this behavior and impact as a ...
CVE-2023-53157
The rosenpass crate before 0.2.1 for Rust allows remote attackers to cause a denial of service panic via a one-byte UDP packet...
curve25519-dalek crate security vulnerability
curve25519-dalek crate is a Rust library from dalek cryptography open source. A security vulnerability exists in curve25519-dalek crate versions prior to 4.1.3, which stems from the possibility of disclosing private keys and other secrets...
CVE-2024-58262
The CVE-2024-58262 issue affects the curve25519-dalek Rust crate prior to version 4.1.3, where a constant-time operation on elliptic curve scalars is removed by LLVM. This timing-related behavior can impact confidentiality and is classified with a MEDIUM severity (NVD CVSS 3.1: 5.1). Public refer...
CVE-2024-58266
The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the { and \xa0 characters, which may facilitate command injection...
CVE-2024-58266
The CVE-2024-58266 entry concerns the shlex crate for Rust, affected in versions before 1.2.1. The root cause is that unquoted and unescaped instances of the characters { and \xa0 may be processed in command arguments, potentially enabling command injection. Impact is described as high in network-...