Design/Logic Flaw

An issue was discovered in the ozone crate through 2020-07-04 for Rust. Memory safety is violated because of the dropping of uninitialized memory...

Remote code execution

An issue was discovered in the hyper crate before 0.12.34 for Rust. HTTP request smuggling can occur. Remote code execution can occur in certain situations with an HTTP server on the loopback interface...

Buffer overflow

An issue was discovered in the arr crate through 2020-08-25 for Rust. There is a buffer overflow in Index and IndexMut...

Design/Logic Flaw

An issue was discovered in the stack crate before 0.3.1 for Rust. ArrayVec has an out-of-bounds write via element insertion...

Information disclosure

An issue was discovered in the simple-slab crate before 0.3.3 for Rust. remove has an off-by-one error, causing memory leakage and a drop of uninitialized memory...

Out-of-bounds

An issue was discovered in the ordnung crate through 2020-09-03 for Rust. compact::Vec violates memory safety via out-of-bounds access for large capacity...

Out-of-bounds

An issue was discovered in the ozone crate through 2020-07-04 for Rust. Memory safety is violated because of out-of-bounds access...

Design/Logic Flaw

An issue was discovered in the rocket crate before 0.4.5 for Rust. LocalRequest::clone creates more than one mutable references to the same object, possibly causing a data race...

Design/Logic Flaw

An issue was discovered in the bigint crate through 2020-05-07 for Rust. It allows a soundness violation...

Design/Logic Flaw

An issue was discovered in the simple-slab crate before 0.3.3 for Rust. index allows an out-of-bounds read...

Double free

An issue was discovered in the bitvec crate before 0.17.4 for Rust. BitVec to BitBox conversion leads to a use-after-free or double free...

Code injection

An issue was discovered in the ws crate through 2020-09-25 for Rust. The outgoing buffer is not properly limited, leading to a remote memory-consumption attack...

CVE-2020-35861

An issue was discovered in the bumpalo crate before 3.2.1 for Rust. The realloc feature allows the reading of unknown memory. Attackers can potentially read cryptographic keys...

Design/Logic Flaw

An issue was discovered in the arr crate through 2020-08-25 for Rust. Uninitialized memory is dropped by Array::newfromtemplate...

CVE-2019-25001

An issue was discovered in the serdecbor crate before 0.10.2 for Rust. The CBOR deserializer can cause stack consumption via nested semantic tags...

Information disclosure

An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via UnlockNotification...

Design/Logic Flaw

An issue was discovered in the sodiumoxide crate before 0.2.5 for Rust. generichash::Digest::eq compares itself to itself and thus has degenerate security properties...

Type confusion

An issue was discovered in the failure crate through 2019-11-13 for Rust. Type confusion can occur when privategettypeid is overridden...

Design/Logic Flaw

An issue was discovered in the libpulse-binding crate before 2.5.0 for Rust. proplist::Iterator can cause a use-after-free...

Design/Logic Flaw

An issue was discovered in the crayon crate through 2020-08-31 for Rust. A TOCTOU issue has a resultant memory safety violation via HandleLike...