CVE-2021-45692
The CVE-2021-45692 issue affects the Rust crate messagepack-rs. Affected component: deserialize_extension_others (and related paths like deserialize_binary, deserialize_string, deserialize_string_primitive) may read from uninitialized memory locations, potentially causing undefined behavior or me...
CVE-2021-45693
The CVE-2021-45693 entry concerns the Rust crate messagepack-rs (through 2021-01-26). The vulnerability affects the deserialize_string_primitive function, which may read from uninitialized memory locations, potentially leading to memory corruption. Public references include Red Hat and OSV entrie...
CVE-2021-45693
An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_string_primitive may read from uninitialized memory locations...
CVE-2021-45694
The CVE-2021-45694 issue affects the Rust rdiff crate; the vulnerability is described as "Window may read from uninitialized memory locations". Multiple connected records (OSV entries, GitHub advisory GHSA- codes, CNVD/CNNVD, NVD, and RustSec references) corroborate that the defect involves reading...
CVE-2021-45694
An issue was discovered in the rdiff crate through 2021-02-03 for Rust. Window may read from uninitialized memory locations...
CVE-2021-45695
CVE-2021-45695 concerns the Rust crate mopa, which redefines the deprecated TraitObject to downcast trait objects. The core issue is reliance on the memory layout of &dyn Trait, risking memory-layout changes by the compiler and enabling scenarios such as ASLR bypass or even arbitrary code executi...
CVE-2021-45696
CVE-2021-45696 pertains to the Rust sha2 crate, specifically version 0.9.7 before 0.9.8. The issue arises when the AVX2-accelerated backend is automatically enabled on x86/x86_64 targets, causing hashes of long messages to be incorrect. Public reports in OSV and CVE records confirm the root cause...
CVE-2021-45696
An issue was discovered in the sha2 crate 0.9.7 before 0.9.8 for Rust. Hashes of long messages may be incorrect when the AVX2-accelerated backend is used...
CVE-2021-45697
An issue was discovered in the molecule crate before 0.7.2 for Rust. A FixVec partial read has an incorrect result...
CVE-2021-45697
Summary: CVE-2021-45697 affects the Rust crate molecule prior to 0.7.2. The root cause is an incorrect result in a FixVec partial read, leading to incorrect read lengths/results. The vulnerability is tied to the FixVec handling in molecule, with impact described as incorrect read behavior; exploi...
CVE-2021-45698
An issue was discovered in the ckb crate before 0.40.0 for Rust. A get_block_template RPC call may fail in situations where it is supposed to select a Nervos CKB blockchain transaction with a higher fee rate than another transaction...
CVE-2021-45698
The CVE-2021-45698 issue affects the Rust crate ckb prior to 0.40.0. The get_block_template RPC may fail when it should select a higher-fee transaction, impacting block template construction. The vulnerability is described consistently across sources (NVD/Red Hat and related advisories) as a get_...
CVE-2021-45699
CVE-2021-45699 affects the Rust crate ckb (pre-0.40.0). The issue allows remote attackers to trigger an inability to allocate memory for the misbehavior HashMap, potentially enabling a 51% attack against the Nervos CKB blockchain. The root cause is memory management for the HashMap used to track ...
CVE-2021-45700
CVE-2021-45700 describes a DoS in the Rust-CKB crate (ckb) prior to version 0.40.0. The vulnerability allows an attacker to crash Nervos CKB blockchain nodes by triggering a dead call used as a DepGroup, leading to node instability or service disruption. Affected software: ckb crate before 0.40.0...
CVE-2021-45701
An issue was discovered in the tremor-script crate before 0.11.6 for Rust. A patch operation may result in a use-after-free...
CVE-2021-45701
CVE-2021-45701 affects the tremor-script crate for Rust prior to 0.11.6, where a patch/merge operation could yield a use-after-free due to in-place optimization that reused memory from the event data. The vulnerability is described across multiple feeds (e.g., OSV entries for tremor-script and re...
CVE-2021-45702
The CVE-2021-45702 issue affects the tremor-script Rust crate prior to 0.11.6. A memory-safety flaw arises when performing a Merge or Patch and assigning the result back to the same state, where in-place optimization can leave references to data that has been freed. The root cause is the Value re...
CVE-2021-45703
The CVE-2021-45703 entry concerns the Rust crate tectonic_xdv (pre-0.1.12). The issue is that XdvParser<T>::process may read from uninitialized memory locations, which can lead to undefined behavior. Affected versions are before 0.1.12; the fixed version is 0.1.12. No exploit details are provided ...
CVE-2021-45704
An issue was discovered in the metrics-util crate before 0.7.0 for Rust. There is a data race and memory corruption because AtomicBucket unconditionally implements the Send and Sync traits...
CVE-2021-45704
CVE-2021-45704 affects the Rust metrics-util crate prior to 0.7.0. The issue is a data race and potential memory corruption caused by AtomicBucket unconditionally implementing Send/Sync, which allows concurrent access to inner data that may not be Sync. Public advisories (Red Hat, OSV, GitHub, CN...