9526 matches found
CVE-2021-26956
The CVE-2021-26956 issue affects the Rust xcb crate (pre-2021-02-04). Bytes from an X server can be interpreted as any data type returned by xcb::xproto::GetPropertyReply::value, causing a soundness violation. Reported CVSS data show a base score of 9.8 (CRITICAL) with network attack vector and n...
CVE-2021-26956
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because bytes from an X server can be interpreted as any data type returned by xcb::xproto::GetPropertyReply::value...
CVE-2021-26953
The CVE-2021-26953 issue affects the Rust crate postscript, prior to version 0.14.0. Affected functionality passes an uninitialized buffer to a user-provided Read implementation, allowing potential information disclosure from uninitialized memory. The underlying cause is exposing an uninitialized...
CVE-2021-26953
An issue was discovered in the postscript crate before 0.14.0 for Rust. It might allow attackers to obtain sensitive information from uninitialized memory locations via a user-provided Read implementation...
admin (=0.1.1), amiwo (>=0.0.1 <=0.2.3) +206 more potentially affected by CVE-2021-29935 via rocket (>=0.1.6 <=0.4.11)
rocket CARGO version =0.1.6, =0.0.1, =0.1.0, =3.5.0, =0.8.0, =0.10.0, =0.16.0, =0.3.0, =0.4.0 - automaat-server =0.1.0 - aw-client-rust =0.1.0 - aw-datastore =0.1.0 - aw-query =0.1.0 - aw-server =0.8.0 - aw-sync =0.1.0 - aw-transform =0.1.0 and more Source cves: CVE-2021-29935 Source advisory:...
Rust information disclosure vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. An information disclosure vulnerability exists in versions of Rust prior to 0.1.3, which can be exploited to obtain sensitive information via a memory location that is never initialized by IoReader::read...
Rust information disclosure vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. An information disclosure vulnerability exists in versions of Rust prior to 0.14.0, which can be exploited by an attacker to obtain sensitive information from uninitialized memory locations via a user-supplied...
Rust buffer error vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A buffer overflow vulnerability exists in versions of Rust prior to 2021-02-04, which stems from xcb::xproto::change_property allowing out-of-bounds read operations. No detailed vulnerability details are provided...
Rust buffer error vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A buffer overflow vulnerability exists in versions of Rust prior to 0.17.0 that can be exploited by an attacker to overwrite a heap memory location...
Rust resource management error vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A resource management error vulnerability exists in versions of Rust prior to 0.3.1 that stems from insert_slice_clone generating two drop actions when a Clone exception occurs. No details of the vulnerability are...
Rust security vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in versions of Rust prior to 2021-02-04, and no details of the vulnerability are available at this time...
Rust security vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in versions of Rust prior to 2021-02-04, which stems from the fact that byte-type data returned from an X server can be parsed into an arbitrary data type by...
Path Traversal in rust-compress/rc-zip
Description: rc-zip: Pure Rust zip & zip64 reading and writing. This package is vulnerable to zip-slip. https://github.com/rust-compress/rc-zip https://crates.io/crates/rc-zip Steps To Reproduce: 0. download and run latest release from https://github.com/rust-compress/rc-zip 1. run ...
AskAI (=0.1.0), arrow-flight (>=4.0.0 <=6.4.0) +165 more potentially affected by CVE-2021-21299 via hyper (>=0.14.11 <=0.14.29)
hyper CARGO version =0.14.11, =4.0.0, =0.2.1, =2.2.0, =0.1.0, =0.9.3, =0.11.1, =0.1.0, =0.2.1, =0.2.0, =0.3.1 and more Source cves: CVE-2021-21299 Source advisory: OSV:RUSTSEC-2021-0020...
easy-http-request (>=0.0.5 <=0.1.0), epic-wallet-rust-python (>=0.1.0 <=0.2.0) +8 more potentially affected by CVE-2021-21299 via hyper (>=0.12.12 <=0.12.19)
hyper CARGO version =0.12.12, =0.0.5, =0.1.0, =0.1.0, =3.3.2, =3.3.2, =3.3.2, =3.0.0, =3.0.0, =3.0.0, =3.0.5 Source cves: CVE-2021-21299 Source advisory: OSV:RUSTSEC-2021-0020...
AsgoreCore (>=0.1.0 <=0.1.2), RustyBox (=0.1.0) +425 more potentially affected by CVE-2021-26955 +3 more via xcb (>=0.10.1 <=0.9.0)
xcb CARGO version =0.10.1, =0.1.0, =0.1.0, =0.4.0, =0.1.0, =1.0.9, =0.6.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.3.0 and more Source cves: CVE-2021-26955, CVE-2021-26956, CVE-2021-26957, CVE-2021-26958 Source advisory: OSV:RUSTSEC-2021-0019...
RUSTSEC-2021-0019 Multiple soundness issues
Calls std::str::from_utf8_unchecked without any checks: The function xcb::xproto::GetAtomNameReply::name calls std::str::from_utf8_unchecked on the raw bytes that were received from the X11 server without any validity checks. The X11 server only prevents interior null bytes, but otherwise allows any X...
Multiple soundness issues
Calls std::str::from_utf8_unchecked without any checks: The function xcb::xproto::GetAtomNameReply::name calls std::str::from_utf8_unchecked on the raw bytes that were received from the X11 server without any validity checks. The X11 server only prevents interior null bytes, but otherwise allows any X...