CVE-2020-35864

An issue was discovered in the flatbuffers crate through 2020-04-11 for Rust. readscalar and readscalarat can transmute values without unsafe blocks...

CVE-2020-35860

An issue was discovered in the cbox crate through 2020-03-19 for Rust. The CBox API allows dereferencing raw pointers without a requirement for unsafe code...

CVE-2020-35878

An issue was discovered in the ozone crate through 2020-07-04 for Rust. Memory safety is violated because of the dropping of uninitialized memory...

CVE-2020-36458

An issue was discovered in the lexer crate through 2020-11-10 for Rust. For ReaderResult, there is an implementation of Sync with a trait bound of T: Send, E: Send...

CVE-2020-36513

An issue was discovered in the accreader crate through 2020-12-27 for Rust. readupto may read from uninitialized memory locations...

CVE-2020-36459

An issue was discovered in the dces crate through 2020-12-09 for Rust. The World type is marked as Send but lacks bounds on its EntityStore and ComponentStore...

CVE-2020-36445

An issue was discovered in the convec crate through 2020-11-24 for Rust. There are unconditional implementations of Send and Sync for ConVec...

CVE-2020-28247

The lettre library through 0.10.0-alpha for Rust allows arbitrary sendmail option injection via transport/sendmail/mod.rs...

CVE-2020-25792

An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with pair...

CVE-2020-25794

An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, clone can have a memory-safety issue upon a panic...

CVE-2020-25793

An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with From...

CVE-2020-25016

A safety violation was discovered in the rgb crate before 0.8.20 for Rust, leading to for example dereferencing of arbitrary pointers or disclosure of uninitialized memory. This occurs because structs can be treated as bytes for read and write operations...

CVE-2018-25023

An issue was discovered in the smallvec crate before 0.6.13 for Rust. It can create an uninitialized value of any type, including a reference type...

CVE-2018-25027

An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. getformatinfo can cause a use-after-free...

CVE-2018-25024

An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly coerce an immutable reference into a mutable reference, leading to memory corruption...

CVE-2019-25054

An issue was discovered in the pnet crate before 0.27.2 for Rust. There is a segmentation fault upon attempted dereference of an uninitialized descriptor because of an erroneous IcmpTransportChannelIterator compiler optimization...

CVE-2019-16140

An issue was discovered in the chttp crate before 0.1.3 for Rust. There is a use-after-free during buffer conversion...

CVE-2019-15544

An issue was discovered in the protobuf crate before 2.6.0 for Rust. Attackers can exhaust all memory via Vec::reserve calls...

CVE-2019-15548

An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are instr and mvwinstr buffer overflows because interaction with C functions is mishandled...

CVE-2019-15547

An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are format string issues in printw functions because C format arguments are mishandled...