CVE-2020-35889
CVE-2020-35889 affects the Rust crayon crate. The issue is a time-of-check to time-of-use (TOCTOU) memory-safety vulnerability in the HandleLike handling (ObjectPool/HandlePool) that can enable memory-safety violations. Root cause is a misbehaving HandleLike implementation, documented in the RUST...
CVE-2020-35889
An issue was discovered in the crayon crate through 2020-08-31 for Rust. A TOCTOU issue has a resultant memory safety violation via HandleLike...
CVE-2020-35890
The CVE-2020-35890 entry concerns the ordnung crate for Rust, where compact::Vec may violate memory safety via out-of-bounds access when handling large capacity. Related advisories describe additional memory-safety issues, including a remove() path that can double-free and out-of-bounds reads. Pu...
CVE-2020-35891
CVE-2020-35891 concerns the Rust crate ordnung (up to version 0.0.1) where the type compact::Vec can violate memory safety due to a double-free during an emulated remove() operation. The issue is explicitly described as a memory-safety problem in compact::Vec, including a double-free scenario whe...
CVE-2020-35891
An issue was discovered in the ordnung crate through 2020-09-03 for Rust. compact::Vec violates memory safety via a remove double free...
CVE-2020-35892
CVE-2020-35892: In the Rust crate simple-slab, versions before 0.3.3 contain an out-of-bounds read in the index() function. The issue is corroborated by multiple sources (NVD, RH, GHSA/OSV) and is rated CRITICAL (CVSS3.1 base score 9.1; network interaction, no privileges required). The connected do...
CVE-2020-35892
An issue was discovered in the simple-slab crate before 0.3.3 for Rust. index allows an out-of-bounds read...
CVE-2020-35893
CVE-2020-35893 affects the Rust crate simple-slab, prior to version 0.3.3. The remove() function has an off-by-one error that can cause memory leakage and a drop of uninitialized memory. This is documented across multiple sources (NVD entry and OSV/GHSA advisories) and is not accompanied by publi...
CVE-2020-35894
CVE-2020-35894 affects the Rust crate obstack prior to 0.1.4. The underlying issue is unaligned references for types that require a large alignment, as described in the RustSec advisory (RUSTSEC-2020-0040). Reported through multiple feeds, this vulnerability is tied to the obstack crate’s handlin...
CVE-2020-35894
An issue was discovered in the obstack crate before 0.1.4 for Rust. Unaligned references can occur...
CVE-2020-35895
The CVE-2020-35895 issue affects the Rust stack crate before 0.3.1, where ArrayVec insertion can trigger an out-of-bounds write due to a missing upper-bound check. The vulnerability is described across multiple sources (e.g., Rustsec/RUSTSEC-2020-0042 and related advisories) and is associated wit...
CVE-2020-35895
An issue was discovered in the stack crate before 0.3.1 for Rust. ArrayVec has an out-of-bounds write via element insertion...
CVE-2020-35896
The CVE-2020-35896 issue affects the ws crate (Rust) where the outgoing buffer is not properly limited, allowing a remote memory‑consumption attack. Affected versions did not cap growth of the outgoing buffer, enabling a remote attacker to exhaust memory and kill the process on a single connectio...
CVE-2020-35897
The CVE-2020-35897 entry affects the Rust crate atom prior to version 0.3.6. The root cause is an unsafe Send implementation that permits cross‑thread data races, potentially enabling memory-safety issues. Documents from multiple sources (Red Hat, GitHub GHSA, OSV, NVD, RustSec advisories) corrob...
CVE-2020-35898
CVE-2020-35898 affects the actix-utils crate for Rust, prior to version 2.0.0. The root cause is a bespoke Cell implementation that does not properly track mutable references, allowing multiple mutable references to the same data. Impact: potential memory corruption or use-after-free scenarios; e...
CVE-2020-35899
CVE-2020-35899 concerns the actix-service crate for Rust prior to 1.0.6, where a bespoke Cell implementation may allow obtaining multiple mutable references to the same data. This root cause can enable use-after-free-like behavior and memory corruption. Several connected sources confirm the issue...
CVE-2020-35900
CVE-2020-35900 affects the Rust array-queue crate (pop_back) and may cause a use-after-free due to incorrect indexing in the pop_back path. Multiple connected advisories (RUSTSEC-2020-0047, GHSA-75CQ-G75G-RXFF, OSV/RUSTSEC mirrors) describe the same issue. The available documents do not specify a...
CVE-2020-35900
An issue was discovered in the array-queue crate through 2020-09-26 for Rust. A pop_back call may lead to a use-after-free...
CVE-2020-35901
CVE-2020-35901 affects the actix-http crate for Rust, with exploitation possible via a use-after-free in BodyStream caused by lack of pinning. The issue is tied to the crate’s handling of buffers and memory location, and is mitigated by upgrading to a fixed version (2.0.0-alpha.1) or later as ind...
CVE-2020-35902
CVE-2020-35902 affects the actix-codec crate prior to 0.3.0-beta.1 for Rust, with a use-after-free in Framed caused by lack of proper pinning. The issue is documented in RUSTSEC-2020-0049 and various feeds (Red Hat, OSV, GHSA). Impact is reflected in CVSS metrics (up to Critical in v3.1, HIGH in ...