Memory corruption

An issue was discovered in the derive-com-impl crate before 0.1.2 for Rust. An invalid reference and memory corruption can occur because AddRef might not be called before returning a pointer...

Design/Logic Flaw

An issue was discovered in the tremor-script crate before 0.11.6 for Rust. A merge operation may result in a use-after-free...

Memory corruption

An issue was discovered in the metrics-util crate before 0.7.0 for Rust. There is a data race and memory corruption because AtomicBucket unconditionally implements the Send and Sync traits...

Design/Logic Flaw

An issue was discovered in the tremor-script crate before 0.11.6 for Rust. A patch operation may result in a use-after-free...

Code injection

An issue was discovered in the simpleasn1 crate 0.6.0 before 0.6.1 for Rust. There is a panic if UTCTime data, supplied by a remote attacker, has a second character greater than 0x7f...

Default configuration

An issue was discovered in the molecule crate before 0.7.2 for Rust. A FixVec partial read has an incorrect result...

Memory corruption

An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserializebinary may read from uninitialized memory locations...

Memory corruption

An issue was discovered in the buffoon crate through 2020-12-31 for Rust. InputStream::readexact may read from uninitialized memory locations...

Memory corruption

An issue was discovered in the ash crate before 0.33.1 for Rust. util::readspv may read from uninitialized memory locations...

Design/Logic Flaw

An issue was discovered in the sha2 crate 0.9.7 before 0.9.8 for Rust. Hashes of long messages may be incorrect when the AVX2-accelerated backend is used...

Design/Logic Flaw

An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. getformatinfo can cause a use-after-free...

Information disclosure

An issue was discovered in the ckb crate before 0.40.0 for Rust. A getblocktemplate RPC call may fail in situations where it is supposed to select a Nervos CKB blockchain transaction with a higher fee rate than another transaction...

Design/Logic Flaw

An issue was discovered in the crypto2 crate through 2021-10-08 for Rust. During Chacha20 encryption and decryption, an unaligned read of a u32 may occur...

CVE-2021-45707

An issue was discovered in the nix crate 0.16.0 and later before 0.20.2, 0.21.x before 0.21.2, and 0.22.x before 0.22.2 for Rust. unistd::getgrouplist has an out-of-bounds write if a user is in more than 16 /etc/groups groups...

UBUNTU-CVE-2018-25026

An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can add the Send marker trait to an object that cannot be sent between threads safely, leading to memory corruption...

Design/Logic Flaw

An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. getcontext can cause a use-after-free...

UBUNTU-CVE-2018-25024

An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly coerce an immutable reference into a mutable reference, leading to memory corruption...

UBUNTU-CVE-2018-25023

An issue was discovered in the smallvec crate before 0.6.13 for Rust. It can create an uninitialized value of any type, including a reference type...

UBUNTU-CVE-2018-25025

An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly extend the lifetime of a string, leading to memory corruption...

Rust 竞争条件问题漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in Rust tokio crate versions prior to 1.8.4,1.9.x through 1.13.1 prior to 1.13.x, which can lead to memory corruption...