Code injection
An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It has unsound transmute calls within as_string methods...
Heap overflow
An issue was discovered in Deserializer::read_vec in the cdr crate before 0.2.4 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated heap memory, violating soundness...
CVE-2021-26305
An issue was discovered in Deserializer::read_vec in the cdr crate before 0.2.4 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated heap memory, violating soundness...
CVE-2021-26305
The CVE-2021-26305 issue affects the Rust crate cdr prior to 0.2.4, where Deserializer::read_vec could allow a user-provided Read implementation to access the old contents of newly allocated heap memory, creating a soundness vulnerability. The vulnerability arises from an uninitialized buffer bei...
CVE-2021-26306
CVE-2021-26306 affects the Rust crate raw-cpuid prior to version 9.0.0. The issue is caused by unsound transmute usage in as_string() methods, which leads to undefined behavior when converting data from #[repr(Rust)] structs via byte slices (VendorInfo.as_string(), SoCVendorBrand::as_string(), Ex...
CVE-2021-26307
The CVE-2021-26307 issue affects the Rust crate raw-cpuid prior to version 9.0.0. The vulnerability allows calls to __cpuid_count() even when the processor does not support the CPUID instruction, which is deemed unsound and can cause a deterministic crash. Concrete details come from multiple sou...
CVE-2021-26308
An issue was discovered in the marc crate before 2.0.0 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated memory, violating soundness...
CVE-2021-26308
The CVE concerns the marc crate for Rust, affecting versions before 2.0.0. Affected code path is within the user-provided Read implementation (Record::read()), which could expose the old contents of newly allocated memory due to an uninitialized buffer being exposed to callers. This memory exposu...
Rust Memory Corruption Vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. Rust has a memory corruption vulnerability in versions prior to 0.2.3. The vulnerability stems from the program's implied randomness to arrays, so that uninitialized memory may be discarded in the event of an...
Blackbeam Rust-marc Security Vulnerability
Blackbeam Rust-marc is a codebase for the Rust language from Blackbeam's individual developers to interact with mrc format files. A security vulnerability exists in Blackbeam Rust-marc versions prior to 2.0.0, which stems from a user-supplied read implementation that can access the old contents o...
Mozilla Rust Security Vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in Rust prior to 9.0.0 that stems from an unsound conversion call in the as_string method. No details of the vulnerability are available at this time...
Mozilla Rust Security Vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in the raw-cpuid crate function in versions of Rust prior to 9.0.0 that allows the cpuid count call to be made even if the processor does not support the cpuid directive, ultimate...
cdr crate before for Rust Security Vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in Deserializer::read_vec in the cdr package of Rust prior to 0.2.4, which stems from the fact that the user-supplied read implementation of Deserializer::read_vec can access th...
CVE-2021-25907
An issue was discovered in the containers crate before 0.9.11 for Rust. When a panic occurs, a util::{mutate,mutate2} double drop can be performed...
CVE-2021-25908
An issue was discovered in the fil-ocl crate through 2021-01-04 for Rust. From can lead to a double free...
CVE-2021-25905
An issue was discovered in the bra crate before 0.1.1 for Rust. It lacks soundness because it can read uninitialized memory...
CVE-2021-25902
An issue was discovered in the glsl-layout crate before 0.4.0 for Rust. When a panic occurs, map_array can perform a double drop...
CVE-2021-25901
An issue was discovered in the lazy-init crate through 2021-01-17 for Rust. Lazy lacks a Send bound, leading to a data race...
CVE-2021-25906
An issue was discovered in the basic_dsp_matrix crate before 0.9.2 for Rust. When a TransformContent panic occurs, a double drop can be performed...
CVE-2021-25904
An issue was discovered in the av-data crate before 0.3.0 for Rust. A raw pointer is dereferenced, leading to a read of an arbitrary memory address, sometimes causing a segfault...