CVE-2019-25003
An issue was discovered in the libsecp256k1 crate before 0.3.1 for Rust. Scalar::check_overflow allows a timing side-channel attack; consequently, attackers can obtain sensitive information...
CVE-2019-25007
An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can cause a panic...
CVE-2019-25009
An issue was discovered in the http crate before 0.1.20 for Rust. The HeaderMap::Drain API can use a raw pointer, defeating soundness...
CVE-2019-25010
An issue was discovered in the failure crate through 2019-11-13 for Rust. Type confusion can occur when __private_get_type_id__ is overridden...
CVE-2020-35860
An issue was discovered in the cbox crate through 2020-03-19 for Rust. The CBox API allows dereferencing raw pointers without a requirement for unsafe code...
CVE-2020-35859
An issue was discovered in the lucet-runtime-internals crate before 0.5.1 for Rust. It mishandles sigstack allocation. Guest programs may be able to obtain sensitive information, or guest programs can experience memory corruption...
CVE-2019-25002
An issue was discovered in the sodiumoxide crate before 0.2.5 for Rust. generichash::Digest::eq compares itself to itself and thus has degenerate security properties...
CVE-2020-35863
An issue was discovered in the hyper crate before 0.12.34 for Rust. HTTP request smuggling can occur. Remote code execution can occur in certain situations with an HTTP server on the loopback interface...
Design/Logic Flaw
An issue was discovered in the rulinalg crate through 2020-02-11 for Rust. There are incorrect lifetime-boundary definitions for RowMut::raw_slice and RowMut::raw_slice_mut...
Double free
An issue was discovered in the ordnung crate through 2020-09-03 for Rust. compact::Vec violates memory safety via a remove double free...
Race condition
An issue was discovered in the internment crate through 2020-05-28 for Rust. ArcIntern::drop has a race condition and resultant use-after-free...
Cross site scripting
An issue was discovered in the atom crate before 0.3.6 for Rust. An unsafe Send implementation allows a cross-thread data race...
Code injection
An issue was discovered in the cbox crate through 2020-03-19 for Rust. The CBox API allows dereferencing raw pointers without a requirement for unsafe code...
Memory corruption
An issue was discovered in the traitobject crate through 2020-06-01 for Rust. It has false expectations about fat pointers, possibly causing memory corruption in, for example, Rust 2.x...
Input validation
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via VTab / VTabCursor...
Design/Logic Flaw
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via the repr(Rust) type...
Design/Logic Flaw
An issue was discovered in the tiny_http crate through 2020-06-16 for Rust. HTTP Request smuggling can occur via a malformed Transfer-Encoding header...
Design/Logic Flaw
An issue was discovered in the flatbuffers crate before 0.6.1 for Rust. Arbitrary bytes can be reinterpreted as a bool, defeating soundness...
Information disclosure
An issue was discovered in the libsecp256k1 crate before 0.3.1 for Rust. Scalar::check_overflow allows a timing side-channel attack; consequently, attackers can obtain sensitive information...
Design/Logic Flaw
An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can produce the wrong answer...