CVE-2020-36217

The CVE-2020-36217 issue concerns the may_queue crate (through 2020-11-10) for Rust, where the Queue type lacks Send/Sync bounds. This omission can enable memory corruption in concurrent contexts, as reported in multiple sources (e.g., RUSTSEC-2020-0111 and related advisories). The vulnerability ...

CVE-2020-36218

An issue was discovered in the buttplug crate before 1.0.4 for Rust. ButtplugFutureStateShared does not properly consider !Send|!Sync objects, leading to a data race...

CVE-2020-36218

The CVE-2020-36218 issue affects the Rust crate buttplug (versions before 1.0.4). The root cause is that ButtplugFutureStateShared does not properly respect types that are not Send or not Sync, allowing a data race on such objects. The vulnerability is documented across multiple sources (e.g., RU...

CVE-2020-36219

The CVE-2020-36219 entry concerns the Rust crate atomic-option, where AtomicOption unconditionally implements Sync. This enables data races when non-Sync types are moved across threads, as reported in multiple sources (RustSec/RUSTSEC-2020-0113 and GHSA/RH updates). Affected component: atomic-opt...

CVE-2020-36219

An issue was discovered in the atomic-option crate through 2020-10-31 for Rust. Because AtomicOption implements Sync unconditionally, a data race can occur...

CVE-2020-36220

CVE-2020-36220 affects the Rust crate va-ts (before 0.0.4). TheDemuxer type omits a required T: Send bound, allowing non‑Send types to be carried across thread boundaries. This can lead to a data race and memory corruption. The issue is documented in multiple sources (including Red Hat and RustSe...

CVE-2020-36220

An issue was discovered in the va-ts crate before 0.0.4 for Rust. Because Demuxer omits a required T: Send bound, a data race and memory corruption can occur...

CVE-2021-25900

CVE-2021-25900 affects the Rust smallvec crate prior to 0.6.14 and 1.x prior to 1.6.1, where SmallVec::insert_many can cause a heap-based buffer overflow. The issue is mitigated by upgrading to smallvec 0.6.14 or 1.6.1. In practice, vulnerable code paths may impact crates that vendor smallvec (e....

CVE-2021-25900

An issue was discovered in the smallvec crate before 0.6.14 and 1.x before 1.6.1 for Rust. There is a heap-based buffer overflow in SmallVec::insertmany...

CVE-2021-25900

An issue was discovered in the smallvec crate before 0.6.14 and 1.x before 1.6.1 for Rust. There is a heap-based buffer overflow in SmallVec::insertmany...

CVE-2021-25901

CVE-2021-25901 concerns the lazy-init crate for Rust, where the absence of a Send bound enables data races in safe code. Consequence is potential data contention and non-deterministic behavior if the crate is used in multi-threaded contexts. Public advisories (RustSec/RustSec-advisory style) desc...

CVE-2021-25901

An issue was discovered in the lazy-init crate through 2021-01-17 for Rust. Lazy lacks a Send bound, leading to a data race...

CVE-2021-25902

An issue was discovered in the glsl-layout crate before 0.4.0 for Rust. When a panic occurs, maparray can perform a double drop...

CVE-2021-25902

The CVE-2021-25902 issue affects the Rust crate glsl-layout prior to 0.4.0, where panicking inside the user-provided function f of map_array can cause a double drop of a single object. The root cause is inadequate handling of panic, allowing the object to be dropped twice. The vulnerability was m...

CVE-2021-25903

The CVE-2021-25903 entry concerns the Rust cache crate, where a raw pointer is dereferenced. Multiple connected sources (RustSec advisory RUSTSEC-2021-0006, OSV/NVD listings, Red Hat/RH CVE pages, and related advisories) describe a null/dereferenced-pointer issue in versions through 2021-01-01, c...

CVE-2021-25903

An issue was discovered in the cache crate through 2021-01-01 for Rust. A raw pointer is dereferenced...

CVE-2021-25905

The CVE-2021-25905 issue affects the Rust crate bra (before 0.1.1). It is a soundness flaw where an uninitialized memory region could be read, exposed by an implementation (GreedyAccessReader) that reads from a buffer during BufRead. The vulnerability is addressed by updating the crate to version...

CVE-2021-25906

CVE-2021-25906 affects the Rust crate basic_dsp_matrix prior to version 0.9.2. A panic in TransformContent can trigger a double drop, leading to potential memory corruption. Multiple sources (Red Hat CVE, GHSA, OSV, RustSec advisory) confirm the issue and point to the same root cause: unsafe hand...

CVE-2021-25906

An issue was discovered in the basicdspmatrix crate before 0.9.2 for Rust. When a TransformContent panic occurs, a double drop can be performed...

CVE-2021-25907

CVE-2021-25907 affects the Rust containers crate prior to 0.9.11. When a panic occurs in a user-provided function, a double drop may be performed on util::{mutate, mutate2}, risking memory corruption due to temporary ownership duplication (ptr::read). The issue has been addressed in version 0.9.1...