Design/Logic Flaw
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_aggregate_function has a use-after-free...
CVE-2018-25024
CVE-2018-25024 (actix-web) affects the actix-web crate prior to 0.7.15 (Rust). The issue allows unsoundly coercing an immutable reference into a mutable reference, causing memory corruption. Severity is high (NVD CVSS v3.1: 9.8, CRITICAL; CVSS v2: 7.5, HIGH). The provided documents do not specify...
CVE-2018-25024
An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly coerce an immutable reference into a mutable reference, leading to memory corruption...
CVE-2018-25025
CVE-2018-25025 affects the Rust actix-web crate before version 0.7.15, where it can unsoundly extend the lifetime of a string, leading to memory corruption. The issue is documented with high/critical impact (NVD: CVSS v2 7.5 HIGH; CVSS v3.1 9.8 CRITICAL) and is associated with a network attack su...
CVE-2018-25026
CVE-2018-25026 affects the Rust crate actix-web (before 0.7.15). The vulnerability allows an object that cannot be sent between threads to be marked as Send, enabling memory corruption. This is a Rust web framework issue identified in multiple sources; the core of the problem is the incorrect Sen...
CVE-2018-25027
An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. get_format_info can cause a use-after-free...
CVE-2018-25027
CVE-2018-25027 affects the Rust libpulse-binding crate prior to 1.2.1. The issue is a use-after-free in objects returned by get_format_info (and get_context per related advisories), leading to potential memory safety problems in PulseAudio bindings. Affected component: libpulse-binding (Rust crat...
CVE-2018-25028
An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. get_context can cause a use-after-free...
CVE-2018-25028
CVE-2018-25028 affecting the Rust libpulse-binding crate prior to 1.2.1. The issue is a use-after-free in get_context (memory corruption risk) due to improper handling of underlying C objects. Public sources consistently describe this as a use-after-free vulnerability in the library, with multipl...
CVE-2019-25054
CVE-2019-25054 affects the Rust pnet crate prior to 0.27.2. The issue causes a segmentation fault when dereferencing an uninitialized descriptor due to an erroneous IcmpTransportChannelIterator compiler optimization. The practical impact is a crash; remediation is to upgrade to 0.27.2 or later (w...
CVE-2019-25055
The CVE-2019-25055 entry concerns the libpulse-binding crate for Rust (pre-2.6.0). The issue is a panic that is mishandled across an FFI boundary, causing undefined behavior. Affected versions prior to 2.6.0 expose a boundary error in the FFI during panic propagation; this is the underlying root ...
CVE-2020-36511
CVE-2020-36511 affects the Rust bite crate (through 2020-12-31). The issue is in read::BiteReadExpandedExt::read_framed_max, which may read from uninitialized memory, causing undefined behavior/memory corruption. Multiple connected sources (NVD/NVD-derived entries, RustSec advisories, OSV entries...
CVE-2020-36511
An issue was discovered in the bite crate through 2020-12-31 for Rust. read::BiteReadExpandedExt::read_framed_max may read from uninitialized memory locations...
CVE-2020-36512
The CVE-2020-36512 entry concerns the Rust crate buffoon (through 2020-12-31). Affected code path: InputStream::read_exact may read from uninitialized memory, causing undefined behavior and potential memory exposure. Documented in multiple feeds (NVD, Red Hat, OSV, CNVD, etc.) with UB implication...
CVE-2020-36513
CVE-2020-36513 concerns the Rust crate acc_reader (up to 2020-12-27) where the read_up_to function may read from uninitialized memory locations. Multiple connected advisories (including GHSA entries and national/DNS variants) describe uninitialized buffers being exposed through Read implementatio...
CVE-2020-36513
An issue was discovered in the acc_reader crate through 2020-12-27 for Rust. read_up_to may read from uninitialized memory locations...
CVE-2020-36514
The CVE-2020-36514 issue affects the acc_reader crate for Rust (through 2020-12-27). The vulnerability is that fill_buf (and related read_up_to paths) may read from uninitialized memory, allowing potential memory exposure. Multiple connected advisories (OSV GHSA entries, Red Hat and CNVD entries,...
CVE-2020-36514
An issue was discovered in the acc_reader crate through 2020-12-27 for Rust. fill_buf may read from uninitialized memory locations...
CVE-2021-45680
An issue was discovered in the vec-const crate before 2.0.0 for Rust. It tries to construct a Vec from a pointer to a const slice, leading to memory corruption...
CVE-2021-45680
CVE-2021-45680 concerns the vec-const crate (Rust) prior to 2.0.0, where a vector is constructed from a pointer to a const slice, leading to memory corruption. Several sources (OSV/RUSTSEC and CVE records) confirm the affected component and the root cause. Impact is memory corruption; exact explo...