CVE-2021-45705
The CVE-2021-45705 entry affects the Rust nanorand crate, specifically versions before 0.6.1. The root cause is that the TlsWyRand Deref implementation dereferences a raw pointer, which can yield multiple mutable references to the same object and results in undefined behavior. Impact described in...
CVE-2021-45705
An issue was discovered in the nanorand crate before 0.6.1 for Rust. There can be multiple mutable references to the same object because the TlsWyRand Deref implementation dereferences a raw pointer...
CVE-2021-45706
CVE-2021-45706 refers to a memory-zeroing flaw in the Rust crate zeroize_derive prior to version 1.1.1, where dropped memory for enum types is not zeroed. Public advisories (e.g., GHSA-C5HX-W945-J4PQ, RUSTSEC-2021-0115) confirm the issue affects enums when using #[zeroize(drop)]. The vulnerabilit...
CVE-2021-45707
CVE-2021-45707 affects the nix crate (Rust) versions 0.16.0 and later, with fixes in 0.20.2, 0.21.2, and 0.22.2 or later. The vulnerability is an out-of-bounds write in unistd::getgrouplist when a user belongs to more than 16 /etc/groups groups, which can lead to memory corruption. The issue stem...
CVE-2021-45707
An issue was discovered in the nix crate 0.16.0 and later before 0.20.2, 0.21.x before 0.21.2, and 0.22.x before 0.22.2 for Rust. unistd::getgrouplist has an out-of-bounds write if a user is in more than 16 /etc/groups groups...
CVE-2021-45708
An issue was discovered in the abomonation crate through 2021-10-17 for Rust. Because transmute operations are insufficiently constrained, there can be an information leak or ASLR bypass...
CVE-2021-45708
CVE-2021-45708 concerns the abomonation crate for Rust, where unconstrained transmute operations can leak information or bypass ASLR. The issue arises from the core use of transmute within abomonation’s serialization/deserialization paths and can affect alignment guarantees, potentially exposing ...
CVE-2021-45709
An issue was discovered in the crypto2 crate through 2021-10-08 for Rust. During Chacha20 encryption and decryption, an unaligned read of a u32 may occur...
CVE-2021-45709
CVE-2021-45709 affects the crypto2 crate for Rust up to 2021-10-08, where during ChaCha20 encryption/decryption an unaligned read of a u32 may occur. Related sources (OSV/GHSA/RUSTSEC) describe the root cause as incorrect assumptions about 4-byte alignment in an unsafe slice::from_raw_parts_mut c...
CVE-2021-45710
CVE-2021-45710 affects the tokio crate for Rust, in versions prior to 1.8.4 and 1.9.x–1.13.x prior to 1.13.1, where a data race in certain conditions involving a closed oneshot channel can cause memory corruption. The provided documents specify the issue and impacted version ranges but do not inc...
CVE-2021-45710
An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption...
CVE-2021-45711
The CVE-2021-45711 entry concerns the Rust crate simple_asn1, specifically versions before 0.6.1. The vulnerability arises in parsing UTCTime: if data provided by a remote attacker contains a second character greater than 0x7f, a panic occurs. This is documented as a panic during parsing (e.g., i...
CVE-2021-45711
An issue was discovered in the simple_asn1 crate 0.6.0 before 0.6.1 for Rust. There is a panic if UTCTime data, supplied by a remote attacker, has a second character greater than 0x7f...
CVE-2021-45712
An issue was discovered in the rust-embed crate before 6.3.0 for Rust. A ../ directory traversal can sometimes occur in debug mode...
CVE-2021-45712
The CVE-2021-45712 entry affects the rust-embed crate for Rust prior to 6.3.0. In debug mode, a path traversal vulnerability occurs in the generated Asset::get when the input path isn’t properly constrained, allowing ‘..’ segments to access files outside the assets folder. Documented analyses (OSV/RUS...
CVE-2021-45713
Summary (CVE-2021-45713 / rusqlite): The vulnerability concerns the Rust rusqlite crate versions 0.25.x before 0.25.4 and 0.26.x before 0.26.2, where several closure/callback APIs (including create_scalar_function, create_aggregate_function, create_window_function, and related hooks) have a us...
CVE-2021-45713
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_scalar_function has a use-after-free...
CVE-2021-45714
Summary: Several OSV and advisory records confirm a use-after-free in the rusqlite crate for Rust, affecting 0.25.x before 0.25.4 and 0.26.x before 0.26.2. The issues concern multiple callback-registration paths and related closures (e.g., create_aggregate_function, create_scalar_function, create...
CVE-2021-45714
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_aggregate_function has a use-after-free...