CVE-2019-25007

An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can cause a panic...

CVE-2019-25002

An issue was discovered in the sodiumoxide crate before 0.2.5 for Rust. generichash::Digest::eq compares itself to itself and thus has degenerate security properties...

CVE-2019-25006

An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can produce the wrong answer...

CVE-2019-25004

An issue was discovered in the flatbuffers crate before 0.6.1 for Rust. Arbitrary bytes can be reinterpreted as a bool, defeating soundness...

CVE-2019-16139

An issue was discovered in the compactarena crate before 0.4.0 for Rust. Generativity is mishandled, leading to an out-of-bounds write or read...

CVE-2018-25001

An issue was discovered in the libpulse-binding crate before 2.5.0 for Rust. proplist::Iterator can cause a use-after-free...

CVE-2019-15543

An issue was discovered in the slice-deque crate before 0.2.0 for Rust. There is memory corruption in certain allocation cases...

CVE-2019-15546

An issue was discovered in the pancurses crate through 0.16.1 for Rust. printw and mvprintw have format string vulnerabilities...

CVE-2019-15545

An issue was discovered in the libp2p-core crate before 0.8.1 for Rust. Attackers can spoof ed25519 signatures...

CVE-2019-15550

An issue was discovered in the simd-json crate before 0.1.15 for Rust. There is an out-of-bounds read and an incorrect crossing of a page boundary...

CVE-2018-20990

An issue was discovered in the tar crate before 0.4.16 for Rust. Arbitrary file overwrite can occur via a symlink or hardlink in a TAR archive...

CVE-2019-1010182

yaml-rust 0.4.0 and earlier is affected by: Uncontrolled Recursion. The impact is: Denial of service by impossible to catch abort. The component is: YamlLoader::loadfromstr function. The attack vector is: Parsing of a malicious YAML document. The fixed version is: 0.4.1 and later...

CVE-2019-15549

An issue was discovered in the asn1der crate before 0.6.2 for Rust. Attackers can trigger memory exhaustion by supplying a large value in a length field...

CVE-2018-20997

An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing...

CVE-2018-20993

An issue was discovered in the yaml-rust crate before 0.4.1 for Rust. There is uncontrolled recursion during deserialization...

CVE-2018-20989

An issue was discovered in the untrusted crate before 0.6.2 for Rust. Error handling can trigger an integer underflow and panic...

CVE-2018-20991

An issue was discovered in the smallvec crate before 0.6.3 for Rust. The Iterator implementation mishandles destructors, leading to a double free...

CVE-2018-20992

An issue was discovered in the claxon crate before 0.4.1 for Rust. Uninitialized memory can be exposed because certain decode buffer sizes are mishandled...

CVE-2018-20995

An issue was discovered in the slice-deque crate before 0.1.16 for Rust. moveheadunchecked allows memory corruption because deque updates are mishandled...

CVE-2017-18588

An issue was discovered in the security-framework crate before 0.1.12 for Rust. Hostname verification for certificates does not occur if ClientBuilder uses custom root certificates...