9526 matches found
GHSA-37JJ-WP7G-7WJ4 Read of uninitialized memory in cdr
An issue was discovered in Deserializer::read_vec in the cdr crate before 0.2.4 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated heap memory, violating soundness...
bellperson (>=0.3.4 <=0.15.0), ff-cl-gen (>=0.1.0 <=0.3.0) +10 more potentially affected by CVE-2021-25908 via fil-ocl (=0.19.6)
fil-ocl CARGO version =0.19.6 is affected by a known vulnerability. The following packages have a transitive dependency on fil-ocl and may be impacted: - bellperson =0.3.4, =0.1.0, =5.0.0, =5.0.0, =2.3.0, =0.1.0, =0.1.0, =5.0.0, =5.4.0, =5.0.0, =5.0.0, =0.1.1, =0.1.2 Source cves: CVE-2021-25908...
GHSA-X3V2-FGR6-3WMM Double free in fil-ocl
An issue was discovered in the fil-ocl crate through 2021-01-04 for Rust. From can lead to a double free...
Out of bounds read in lazy-init
An issue was discovered in the lazy-init crate through 2021-01-17 for Rust. Lazy lacks a Send bound, leading to a data race...
GHSA-GH87-6JR3-8Q47 Null pointer dereference in cache
An issue was discovered in the cache crate through 2021-01-01 for Rust. A raw pointer is dereferenced...
GHSA-352P-RHVQ-7G78 Null pointer dereference in av-data
An issue was discovered in the av-data crate before 0.3.0 for Rust. A raw pointer is dereferenced, leading to a read of an arbitrary memory address, sometimes causing a segfault...
GHSA-J8QQ-58CR-8CC7 Out of bounds read in bra
Buffered Random Access (BRA) provides easy random memory access to a sequential source of data in Rust. This is achieved by greedily retaining all memory read from a given source. An issue was...
GHSA-XMR7-V725-2JJR Cross site scripting in comrak
An issue was discovered in the comrak crate before 0.9.1 for Rust. Cross-site scripting (XSS) can occur because the protection mechanism for data: and javascript: URIs is case-sensitive, allowing, for example, Data: to be used in an attack...
GHSA-GPPW-3H6H-V6Q2 Data race in internment
An issue was discovered in the internment crate before 0.4.2 for Rust. There is a data race that can cause memory corruption because of the unconditional implementation of Sync for Intern...
GHSA-8FGG-5V78-6G76 Deserializing an array can free uninitialized memory in byte_struct
byte_struct: stack and unpack structure as raw bytes with packed or bit field layout. An issue was discovered in the byte_struct crate before 0.6.1 for Rust. There can be a drop of uninitialized memory if a certain deserialization method panics...
GHSA-V7Q4-97X4-4QW2 Use of Uninitialized Resource in truetype
An issue was discovered in the truetype crate before 0.30.1 for Rust. Attackers can read the contents of uninitialized memory locations via a user-provided Read operation within Tape::take_bytes...
GHSA-PPHF-F93W-GC84 Data race in may_queue
An issue was discovered in the may_queue crate through 2020-11-10 for Rust. Because Queue does not have bounds on its Send trait or Sync trait, memory corruption can occur...
GHSA-R7RV-2RPH-HVHJ Improper synchronization in buttplug
An issue was discovered in the buttplug crate before 1.0.4 for Rust. ButtplugFutureStateShared does not properly consider !Send|!Sync objects, leading to a data race...