UBUNTU-CVE-2020-36465
An issue was discovered in the generic-array crate before 0.13.3 for Rust. It violates soundness by using the arr! macro to extend lifetimes...
Design/Logic Flaw
An issue was discovered in the comrak crate before 0.10.1 for Rust. It mishandles & characters, leading to XSS via & HTML entities...
CVE-2020-36432
An issue was discovered in the alg_ds crate through 2020-08-25 for Rust. There is a drop of uninitialized memory in Matrix::new...
CVE-2020-36432
CVE-2020-36432 affects the alg_ds crate for Rust (up to 2020-08-25). The issue is a drop of uninitialized memory in Matrix::new(), caused by Matrix::fill_with() using a *ptr = value pattern that assumes an initialized struct at the address, leading to dropping of uninitialized memory. Public refe...
CVE-2020-36433
The CVE-2020-36433 entry concerns the chunky crate for Rust. The vulnerability is described as: the Chunk API does not honor an alignment requirement, allowing the creation of unaligned references and resulting in undefined behavior. This issue affects the chunky crate up to 2020-08-25 and has an...
CVE-2020-36433
An issue was discovered in the chunky crate through 2020-08-25 for Rust. The Chunk API does not honor an alignment requirement...
CVE-2020-36434
The CVE-2020-36434 issue affects the Rust crate sys-info prior to version 0.8.0. The root cause is a static/global list used to store temporary disk information; cleanup code (DFCleanup) assumes a single-threaded environment and can free the same memory twice when sys_info::disk_info is invoked c...
CVE-2020-36434
An issue was discovered in the sys-info crate before 0.8.0 for Rust. sys_info::disk_info calls can trigger a double free...
CVE-2020-36435
CVE-2020-36435 affects the Rust crate ruspiro-singleton prior to 0.4.1. The issue is that Singleton did not enforce bounds on Send and Sync, allowing non-Sync types (e.g., Cell) to be used in singletons and potentially cause data races. The vulnerability is captured across multiple catalogs (NVD,...
CVE-2020-36435
An issue was discovered in the ruspiro-singleton crate before 0.4.1 for Rust. In Singleton, Send and Sync do not have bounds checks...
CVE-2020-36436
CVE-2020-36436 concerns the Rust crate unicycle (pre-0.7.1). PinSlab and Unordered were implemented without proper bounds on Send and Sync, enabling potential data races when these generic types are sent across threads or accessed concurrently without synchronization. The linked advisories (e.g.,...
CVE-2020-36436
An issue was discovered in the unicycle crate before 0.7.1 for Rust. PinSlab and Unordered do not have bounds on their Send and Sync traits...
CVE-2020-36437
An issue was discovered in the conqueue crate before 0.4.0 for Rust. There are unconditional implementations of Send and Sync for QueueSender...
CVE-2020-36437
The CVE-2020-36437 issue concerns the Rust conqueue crate prior to 0.4.0. The root cause is unconditional implementations of Send and Sync for QueueSender, which permits sending non-Send values across threads via (&QueueSender).send(), enabling data races and potentially memory corruption. Affect...
CVE-2020-36438
An issue was discovered in the tiny_future crate before 0.4.0 for Rust. Future does not have bounds on its Send and Sync traits...
CVE-2020-36438
The CVE-2020-36438 issue affects the Rust crate tiny_future (before version 0.4.0), where Future lacks bounds on Send and Sync. The result is a potential data race when using non-thread-safe types (e.g., Cell) inside futures, as described by multiple sources (e.g., GHSA and OSV entries referencin...
CVE-2020-36439
An issue was discovered in the ticketed_lock crate before 0.3.0 for Rust. There are unconditional implementations of Send for ReadTicket and WriteTicket...
CVE-2020-36439
The CVE-2020-36439 entry concerns the Rust crate ticketed_lock prior to 0.3.0, which unconditionally implemented Send for ReadTicket and WriteTicket. This allows sending non-Send T across threads, enabling data races with internal mutability and potentially memory corruption or undefined behavior...
CVE-2020-36440
An issue was discovered in the libsbc crate before 0.1.5 for Rust. For Decoder, it implements Send for any R: Read...
CVE-2020-36440
CVE-2020-36440: In the libsbc crate for Rust (before 0.1.5), the Decoder type implements Send for any R: Read, allowing it to carry an R that may not be Send. This can enable undefined behavior such as memory corruption or data races if the contained reader is moved across threads. The root caus...