CVE-2020-35903

CVE-2020-35903 affects the Rust dync crate prior to 0.5.0, where VecCopy can misalign elements because Vec may store non-u8 types. This enables misaligned access when reading/writing elements of different types. The issue is documented across multiple sources (e.g., RustSec/RUSTSEC-2020-0050 and ...

CVE-2020-35903

An issue was discovered in the dync crate before 0.5.0 for Rust. VecCopy allows misaligned element access because u8 is not always the type in question...

CVE-2020-35904

CVE-2020-35904 affects the Rust crate crossbeam-channel prior to version 0.4.4. The issue is an incorrect assumption about the relationship between memory allocation and the number of elements produced by an iterator, leading to unsound behavior when the Vec is reconstructed from a raw pointer ba...

CVE-2020-35904

An issue was discovered in the crossbeam-channel crate before 0.4.4 for Rust. It has incorrect expectations about the relationship between the memory allocation and how many iterator elements there are...

CVE-2020-35904

An issue was discovered in the crossbeam-channel crate before 0.4.4 for Rust. It has incorrect expectations about the relationship between the memory allocation and how many iterator elements there are...

CVE-2020-35905

An issue was discovered in the futures-util crate before 0.3.7 for Rust. MutexGuard::map can cause a data race for certain closure situations in safe code...

CVE-2020-35905

The CVE-2020-35905 issue affects the futures-util crate for Rust (pre-0.3.7). A MutexGuard::map path can cause a data race in safe code under certain closure scenarios. This is a local issue in the crate’s synchronization logic that could lead to data races, as described in the advisory and Red H...

CVE-2020-35906

An issue was discovered in the futures-task crate before 0.3.6 for Rust. futurestask::waker may cause a use-after-free in a non-static type situation...

CVE-2020-35906

An issue was discovered in the futures-task crate before 0.3.6 for Rust. futurestask::waker may cause a use-after-free in a non-static type situation...

CVE-2020-35906

The CVE concerns the Rust futures-task crate before 0.3.6. The issue is a use-after-free in futures_task::waker when used with non-static types, potentially leading to memory safety problems. Affected software is the futures-task crate (Rust) prior to version 0.3.6; the root cause is not explicit...

CVE-2020-35907

The CVE-2020-35907 entry concerns the Rust futures-task crate prior to 0.3.5. The issue, in futures_task::noop_waker_ref, permits a NULL pointer dereference, potentially causing a crash. Affected component: futures-task crate before 0.3.5. Impact statements are limited to what is stated; no explo...

CVE-2020-35907

An issue was discovered in the futures-task crate before 0.3.5 for Rust. futurestask::noopwakerref allows a NULL pointer dereference...

CVE-2020-35908

An issue was discovered in the futures-util crate before 0.3.2 for Rust. FuturesUnordered can lead to data corruption because Sync is mishandled...

CVE-2020-35908

CVE-2020-35908 affects the Rust crate futures-util (before 0.3.2). The issue is an improper implementation of Sync in the FuturesUnordered structure, which used interior mutability via a Cell without proper synchronization. This can lead to data corruption when multiple threads access the interna...

CVE-2020-35909

An issue was discovered in the multihash crate before 0.11.3 for Rust. The fromslice parsing code can panic via unsanitized data from a network server...

CVE-2020-35909

The CVE-2020-35909 issue affects the Rust multihash crate prior to 0.11.3. The from_slice (and from_bytes) parsing path can panic when fed certain malformed or unsanitized input from a network source, potentially enabling DoS via unexpected panics in network code. Connected advisories (e.g., rust...

CVE-2020-35910

CVE-2020-35910 affects the Rust crate lock_api prior to version 0.4.2. The issue is a data race caused by unsoundness in MappedMutexGuard, as reported across multiple sources referencing the same flaw in lock_api. This can enable data races in affected code paths that rely on the lock. The vulner...

CVE-2020-35910

An issue was discovered in the lockapi crate before 0.4.2 for Rust. A data race can occur because of MappedMutexGuard unsoundness...

CVE-2020-35910

An issue was discovered in the lockapi crate before 0.4.2 for Rust. A data race can occur because of MappedMutexGuard unsoundness...

CVE-2020-35911

CVE-2020-35911 affects the Rust lock_api crate prior to 0.4.2. The issue is a data race caused by unsoundness in MappedRwLockReadGuard, with no explicit exploit details provided. Remediation: upgrade to 0.4.2 or later. Details are limited to the provided documents.