Code injection
An issue was discovered in the actix-service crate before 1.0.6 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data...
Memory corruption
An issue was discovered in the socket2 crate before 0.3.16 for Rust. It has false expectations about the std::net::SocketAddr memory representation...
CVE-2020-35910
An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedMutexGuard unsoundness...
Design/Logic Flaw
An issue was discovered in the branca crate before 0.10.0 for Rust. Decoding tokens with invalid base62 data can panic...
CVE-2020-35904
An issue was discovered in the crossbeam-channel crate before 0.4.4 for Rust. It has incorrect expectations about the relationship between the memory allocation and how many iterator elements there are...
Design/Logic Flaw
An issue was discovered in the futures-util crate before 0.3.7 for Rust. MutexGuard::map can cause a data race for certain closure situations in safe code...
UBUNTU-CVE-2020-35906
An issue was discovered in the futures-task crate before 0.3.6 for Rust. futures_task::waker may cause a use-after-free in a non-static type situation...
UBUNTU-CVE-2020-35904
An issue was discovered in the crossbeam-channel crate before 0.4.4 for Rust. It has incorrect expectations about the relationship between the memory allocation and how many iterator elements there are...
UBUNTU-CVE-2020-35922
An issue was discovered in the mio crate before 0.7.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation...
UBUNTU-CVE-2020-35920
An issue was discovered in the socket2 crate before 0.3.16 for Rust. It has false expectations about the std::net::SocketAddr memory representation...
Authentication flaw
An issue was discovered in the crossbeam-channel crate before 0.4.4 for Rust. It has incorrect expectations about the relationship between the memory allocation and how many iterator elements there are...
Design/Logic Flaw
An issue was discovered in the array-queue crate through 2020-09-26 for Rust. A pop_back call may lead to a use-after-free...
CVE-2020-35913
An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of RwLockReadGuard unsoundness...
Code injection
An issue was discovered in the actix-utils crate before 2.0.0 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data...
CVE-2018-25001
The CVE-2018-25001 issue affects the Rust crate libpulse-binding prior to version 2.5.0, where proplist::Iterator can cause a use-after-free by mismanaging the lifetime between Proplist and its iterator. Public references and advisories (e.g., GHSA-f56g-chqp-22m9 and GHSA-6GVC-4JVJ-PWQ4) describe...
CVE-2018-25001
An issue was discovered in the libpulse-binding crate before 2.5.0 for Rust. proplist::Iterator can cause a use-after-free...
CVE-2019-25001
CVE-2019-25001 affects the Rust crate serde_cbor prior to 0.10.2. The CBOR deserializer can cause stack consumption when processing nested semantic tags, enabling potential resource exhaustion. The issue is confined to the crate’s deserialization path; affected versions are those before 0.10.2. R...
CVE-2019-25002
The CVE-2019-25002 issue affects the sodiumoxide crate for Rust prior to version 0.2.5. The vulnerability stems from generichash::Digest::eq comparing the value to itself, producing degenerate security properties (reported across Red Hat, OSV, GHSA advisories, and NVD records). Practical impact i...
CVE-2019-25002
An issue was discovered in the sodiumoxide crate before 0.2.5 for Rust. generichash::Digest::eq compares itself to itself and thus has degenerate security properties...
CVE-2019-25003
CVE-2019-25003 affects the Rust libsecp256k1 crate prior to 0.3.1, where Scalar::check_overflow did not execute in constant time. This timing side-channel can allow an attacker to potentially obtain sensitive information. The issue is fixed in 0.3.1 by making Scalar::check_overflow constant time;...