9526 matches found
Use after free in rusqlite
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because sessions.rs has a use-after-free...
GHSA-M3WW-7HRP-GW9W Drop of uninitialized memory in Ozone
An issue was discovered in the ozone crate through version 0.1.0 for Rust. Memory safety is violated because of the dropping of uninitialized memory...
GHSA-7CJC-HVXF-GQH7 Use after free and double free in bitvec
An issue was discovered in the bitvec crate before 0.17.4 for Rust. BitVec to BitBox conversion leads to a use-after-free or double free...
Dangling reference in flatbuffers
An issue was discovered in the flatbuffers crate through 2020-04-11 for Rust. read_scalar and read_scalar_at can transmute values without unsafe blocks...
GHSA-3VJM-36RR-7QRQ NULL Pointer Dereference in cbox
An issue was discovered in the cbox crate through 2020-03-19 for Rust. The CBox API allows dereferencing raw pointers without a requirement for unsafe code...
ABC_Game_Engine (>=0.1.0 <=0.1.2), AskAI (=0.1.0) +42058 more potentially affected by CVE-2020-35861 via bumpalo (>=3.14.0 <=3.20.3)
bumpalo CARGO version =3.14.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.6, =0.0.0, =0.1.2, =0.0.0, =0.1.0-beta.1, =0.0.8, =0.1.15 and more Source cves: CVE-2020-35861 Source advisory: OSV:GHSA-VQX7-PW4R-29RR...
GHSA-VQX7-PW4R-29RR Out of bounds read in bumpalo
An issue was discovered in the bumpalo crate before 3.2.1 for Rust. The realloc feature allows the reading of unknown memory. Attackers can potentially read cryptographic keys...
GHSA-G4W7-3QR8-5623 Improper type usage in rusqlite
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via the repr(Rust) type...
GHSA-RJH8-P66P-JRH5 Data races in rusqlite
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via an Auxdata API data race...
GHSA-8RC5-MR4F-M243 Use after free in rio
An issue was discovered in the rio crate through 2020-05-11 for Rust. A struct can be leaked, allowing attackers to obtain sensitive information, cause a use-after-free, or cause a data race...
GHSA-GX73-2498-R55C Unsound casting in flatbuffers
The implementation of impl Follow for bool allows arbitrary bytes to be reinterpreted as a bool. In Rust, bool has stringent requirements for its in-memory representation. Use of this function allows these requirements to be violated and undefined behaviour to be invoked in safe code...
Double free in http
An issue was discovered in the http crate before 0.1.20 for Rust. The HeaderMap::Drain API can use a raw pointer, defeating soundness...
DesignerHelper-rs (>=0.1.0 <=0.1.2), GetPDB (>=0.1.0 <=1.0.1) +6475 more potentially affected by CVE-2019-25010 +1 more via failure (>=0.1.0 <=0.1.8)
failure CARGO version =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.0.1, =0.4.0 - abscissacore =0.4.0 and more Source cves: CVE-2019-25010, CVE-2020-25575 Source advisory: OSV:GHSA-R98R-J25Q-RMPR...
GHSA-R98R-J25Q-RMPR Rust Failure Crate Vulnerable to Type confusion
Safe Rust code can implement a malfunctioning __private_get_type_id__ and cause type confusion when downcasting, which is undefined behavior. Users who derive the Fail trait are not affected...
algorithmia (=3.0.0-beta), approveapi (=0.1.0) +164 more potentially affected by CVE-2020-35863 via hyper (>=0.11.27 <=0.12.19)
hyper CARGO version =0.11.27, =0.1.0, =0.2.0, =1.5.0, =0.4.2, =0.1.0, =0.1.0, =0.37.0, =0.39.2 and more Source cves: CVE-2020-35863 Source advisory: OSV:GHSA-H3QR-RQ2J-74W4...
GHSA-MP6F-P9GP-VPJ9 Array size is not checked in sized-chunks
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with pair...