Mozilla Rust has an unspecified vulnerability (CNVD-2022-03122)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation.A security vulnerability exists in versions of Mozilla Rust molecule crate prior to 0.7.2, which stems from incorrect results read by FixVec. No details of the vulnerability are currently available...

Mozilla Rust rusqlite crate memory corruption vulnerability

Mozilla Rust rusqlite crate is an ergonomic wrapper for using SQLite from Rust. it attempts to expose a rust-postgres-like interface. mozilla rust rusqlite crate versions 0.25.4 before 0.25.x and 0.26. 2 prior to 0.26.x versions have a security vulnerability that stems from a resource management...

Rust raw-cpuid crate has an unspecified vulnerability

Rust raw-cpuid crate is a library for parsing x86 CPUID instructions, written in rust, with no external dependencies. The implementation is very similar to the Intel CPUID manual description. The library only depends on libcore. versions prior to Rust raw-cpuid crate 9.1.1 have security...

DEBIAN-CVE-2021-45710

An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption...

CVE-2021-45711

An issue was discovered in the simpleasn1 crate 0.6.0 before 0.6.1 for Rust. There is a panic if UTCTime data, supplied by a remote attacker, has a second character greater than 0x7f...

CVE-2021-45710

An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption...

CVE-2021-45711

An issue was discovered in the simpleasn1 crate 0.6.0 before 0.6.1 for Rust. There is a panic if UTCTime data, supplied by a remote attacker, has a second character greater than 0x7f...

CVE-2021-45700

An issue was discovered in the ckb crate before 0.40.0 for Rust. Attackers can cause a denial of service Nervos CKB blockchain node crash via a dead call that is used as a DepGroup...

CVE-2021-45704

An issue was discovered in the metrics-util crate before 0.7.0 for Rust. There is a data race and memory corruption because AtomicBucket unconditionally implements the Send and Sync traits...

CVE-2021-45707

An issue was discovered in the nix crate 0.16.0 and later before 0.20.2, 0.21.x before 0.21.2, and 0.22.x before 0.22.2 for Rust. unistd::getgrouplist has an out-of-bounds write if a user is in more than 16 /etc/groups groups...

CVE-2021-45687

An issue was discovered in the raw-cpuid crate before 9.1.1 for Rust. If the serialize feature is used which is not the the default, a Deserialize operation may lack sufficient validation, leading to memory corruption or a panic...

CVE-2021-45695

An issue was discovered in the mopa crate through 2021-06-01 for Rust. It incorrectly relies on Trait memory layout, possibly leading to future occurrences of arbitrary code execution or ASLR bypass...

CVE-2021-45698

An issue was discovered in the ckb crate before 0.40.0 for Rust. A getblocktemplate RPC call may fail in situations where it is supposed to select a Nervos CKB blockchain transaction with a higher fee rate than another transaction...

CVE-2021-45692

An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserializeextensionothers may read from uninitialized memory locations...

CVE-2021-45701

An issue was discovered in the tremor-script crate before 0.11.6 for Rust. A patch operation may result in a use-after-free...

CVE-2021-45694

An issue was discovered in the rdiff crate through 2021-02-03 for Rust. Window may read from uninitialized memory locations...

CVE-2021-45706

An issue was discovered in the zeroizederive crate before 1.1.1 for Rust. Dropped memory is not zeroed out for an enum...

CVE-2021-45702

An issue was discovered in the tremor-script crate before 0.11.6 for Rust. A merge operation may result in a use-after-free...

CVE-2021-45693

An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserializestringprimitive may read from uninitialized memory locations...

CVE-2021-45689

An issue was discovered in the gfx-auxil crate through 2021-01-07 for Rust. gfxauxil::readspirv may read from uninitialized memory locations...