CVE-2020-35920

An issue was discovered in the socket2 crate before 0.3.16 for Rust. It has false expectations about the std::net::SocketAddr memory representation...

CVE-2020-35920

The CVE-2020-35920 entry concerns the Rust socket2 crate (before 0.3.16) that makes incorrect assumptions about the memory layout of std::net::SocketAddr. This mismatch can lead to invalid memory handling when converting between Rust socket addresses and system representations, potentially causin...

CVE-2020-35920

An issue was discovered in the socket2 crate before 0.3.16 for Rust. It has false expectations about the std::net::SocketAddr memory representation...

CVE-2020-35921

An issue was discovered in the miow crate before 0.3.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation...

CVE-2020-35921

CVE-2020-35921 — miow crate (Rust) Affected software: miow crate for Rust, prior to version 0.3.6. Root cause: incorrect assumptions about the memory layout of std::net::SocketAddr, leading to invalid memory handling. Impact: potential memory-safety issues due to misrepresentation of SocketAddr m...

CVE-2020-35921

An issue was discovered in the miow crate before 0.3.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation...

CVE-2020-35922

The CVE-2020-35922 issue affects the Rust mio crate prior to 0.7.6, where the component makes false assumptions about the memory representation of std::net::SocketAddr. This root cause stems from assuming SocketAddrV4/V6 share a memory layout with the system sockaddr, leading to unsafe casts and ...

CVE-2020-35922

An issue was discovered in the mio crate before 0.7.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation...

CVE-2020-35922

An issue was discovered in the mio crate before 0.7.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation...

CVE-2020-35923

An issue was discovered in the ordered-float crate before 1.1.1 and 2.x before 2.0.1 for Rust. A NotNan value can contain a NaN...

CVE-2020-35923

CVE-2020-35923 concerns the Rust crate ordered-float . A NotNan value can contain a NaN after certain assignment operators (e.g., NotNan::add_assign , NotNan::mul_assign ); unsafe code paths in safe comparisons assume non-NaN, risking undefined behavior. Affected versions are before 1.1.1 and 2.x...

CVE-2020-35924

CVE-2020-35924 affects the Rust crate try-mutex prior to 0.3.0. The issue arises because TryMutex allowed cross-thread sending of non-Send types due to an unconditional Sync implementation, enabling data races. The root cause is absence of a Send bound on the Sync trait implementation for TryMute...

CVE-2020-35924

An issue was discovered in the try-mutex crate before 0.3.0 for Rust. TryMutex allows cross-thread sending of a non-Send type...

CVE-2020-35925

Summary (concrete details): The issue CVE-2020-35925 affects the Rust magnetic crate up to version 2.0.1. The root cause: MPMCConsumer and MPMCProducer implementations unconditionally provided Sync/Send, allowing cross-thread sending of non-Send types. This creates a potential data race. The flaw...

CVE-2020-35926

CVE-2020-35926 concerns the nanorand crate for Rust prior to 0.5.1, where random number generators (including ChaCha) could return all zeroes due to integer truncation. This affects RNG implementations for standard unsigned integers and arises from using bit-shifting instead of a direct cast, per...

CVE-2020-35927

The CVE-2020-35927 entry concerns the Rust thex crate, where Thex allows cross-thread data races of non-Send types. The issue arises because Thex implements Sync for all T but lacks a Send bound for T, enabling non-Send types (e.g., Rc) to be transferred across threads, which can trigger undefine...

CVE-2020-35928

An issue was discovered in the concread crate before 0.2.6 for Rust. Attackers can cause an ARCache data race by sending types that do not implement Send/Sync...

CVE-2020-35928

Concread crate (Rust) before 0.2.6 exposes a data race in ARCache when non-Send/Sync types are used. Root cause: ARCache implementation unbound by Send/Sync, allowing unsafe concurrent access. The issue was fixed in 0.2.6 by adding K: Send + Sync and V: Send + Sync bounds to the affected Send/Syn...

Rust tiny_http crate 环境问题漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. An environmental issue vulnerability exists in tinyhttp crate in versions of Mozilla Rust prior to 2020-06-16, which stems from an HTTP request smuggling can occur via a misformatted transport encoding header. N...

Rust Resource Management Error Vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. ws crate through 2020-09-25 for Rust A security vulnerability exists that stems from the outgoing buffer not being properly constrained, leading to a remote memory consumption attack...