RUSTSEC-2021-0015 `Sectors::get` accesses unclaimed/uninitialized memory
Affected versions of this crate arbitrarily call `Vec::set_len` to increase the length of a vector without claiming more memory for the vector. Affected versions of this crate also call a user-provided `Read` on the uninitialized memory of the vector that was extended with `Vec::set_len`. This can overwrite...
CVE-2021-21235
Summary (CVE-2021-21235): kamadak-exif (Rust) v0.5.2 contains an infinite loop in PNG parsing via reader::read_from_container when given crafted PNG files. The issue is fixed in v0.5.3; upgrade to 0.5.3 to mitigate. Applications that do not pass PNG-signature files to Reader::read_from_container ...
CVE-2021-21235
kamadak-exif is an exif parsing library written in pure Rust. In kamadak-exif version 0.5.2, there is an infinite loop in parsing crafted PNG files. Specifically, `reader::read_from_container` can cause an infinite loop when a crafted PNG file is given. This is fixed in version 0.5.3. No workaround i...
Rust Resource Management Error Vulnerability (CNVD-2021-39556)
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A resource management error vulnerability exists in versions of the Rust pyo3 crate prior to 0.12.4, which stems from a reference-counting error and use-after-free in From . No details of the vulnerability are...
Unspecified vulnerability in Mozilla Rust crayon crate
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in the crayon crate in Mozilla Rust version 2020-08-31, which stems from a memory safety violation via `HandleLike`. No details of the vulnerability are provided at this tim...
Rust atom crate race condition vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in the Rust atom crate, which stems from an insecure `Send` implementation that allows data races across threads. No details of the vulnerability are provided at this time...
Unspecified Vulnerability in Mozilla Rust (CNVD-2021-30440)
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in the failure crate in versions of Mozilla Rust prior to 2019-11-13, which stems from a type confusion that occurs when `__private_get_type_id__` is overridden. No details of the...
Mozilla Rust tiny_http crate environment issue vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. An environmental issue vulnerability exists in the tiny_http crate in versions of Mozilla Rust prior to 2020-06-16, which stems from the fact that HTTP request smuggling can occur via a malformed Transfer-Encoding header. N...
Mozilla Rust ordnung crate buffer overflow vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A buffer overflow vulnerability exists in the ordnung crate in versions of Mozilla Rust prior to 2020-09-03, which stems from Vec violating memory safety through out-of-bounds access for large capacities. No details of the...
Mozilla Rust rocket crate race condition vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A race condition vulnerability exists in the rocket crate in versions of Mozilla Rust prior to 0.4.5, which stems from `LocalRequest::clone` creating multiple mutable references to the same object, which c...
Unspecified Vulnerability in Rust (CNVD-2021-37534)
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in the thex crate for Rust versions 2020-12-08 and earlier, which stems from thex allowing cross-thread data races for non-`Send` types. No details of the vulnerability are...
Mozilla Rust ozone crate buffer overflow vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A buffer overflow vulnerability exists in the ozone crate in versions of Mozilla Rust prior to 2020-07-04, which stems from an out-of-bounds access that violates memory safety. No details of the vulnerability are...
Unspecified vulnerability in Mozilla Rust arr crate
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in the arr crate in versions of Mozilla Rust prior to 2020-08-25, which stems from a buffer overflow in `Index` and `IndexMut`. No details of the vulnerability are provided at this time...
Unspecified Vulnerability in Mozilla Rust (CNVD-2021-30443)
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in streebog crate in versions of Mozilla Rust prior to 0.8.0, which stems from a Streebog hash function that produces incorrect answers. No details of the vulnerability are provid...
Mozilla Rust rusqlite crate resource management error vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A resource management error vulnerability exists in the rusqlite crate in versions of Mozilla Rust prior to 0.23.0, which stems from the fact that memory safety can be violated via an Auxdata API use-after-free. N...
Mozilla Rust Resource Management Error Vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in the http crate in versions of Mozilla Rust prior to 0.1.20, which stems from the fact that the `HeaderMap::Drain` API can use a raw pointer, defeating soundness. No details of the vulnerabilit...
Mozilla Rust use-after-free vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. futures-task crate before 0.3.6 for Rust contains a security vulnerability that can be exploited by an attacker to potentially cause use-after-free in the case of non-static types...
Unspecified vulnerability in Mozilla Rust rulinalg crate
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in the rulinalg crate in versions of Mozilla Rust prior to 2020-02-11, which stems from improperly defined lifetime bounds in `RowMut::raw_slice` and `RowMut::raw_slice_mut`. No...
Unspecified Vulnerability in Mozilla Rust (CNVD-2021-30442)
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in streebog crate in versions of Mozilla Rust prior to 0.8.0, which stems from the Streebog hash function causing a panic. No details of the vulnerability are provided at this tim...