UBUNTU-CVE-2019-16141
An issue was discovered in the once_cell crate before 1.0.1 for Rust. There is a panic during initialization of Lazy...
Design/Logic Flaw
An issue was discovered in the once_cell crate before 1.0.1 for Rust. There is a panic during initialization of Lazy...
Format string
An issue was discovered in the image crate before 0.21.3 for Rust, affecting the HDR image format decoder. Vec::set_len is called on an uninitialized vector, leading to a use-after-free and arbitrary code execution...
Design/Logic Flaw
An issue was discovered in the blake2 crate before 0.8.1 for Rust. The BLAKE2b and BLAKE2s algorithms, when used with HMAC, produce incorrect results because the block sizes are half of the required sizes...
Design/Logic Flaw
An issue was discovered in the chttp crate before 0.1.3 for Rust. There is a use-after-free during buffer conversion...
CVE-2019-16137
An issue was discovered in the spin crate before 0.5.2 for Rust, when RwLock is used. Because memory ordering is mishandled, two writers can acquire the lock at the same time, violating mutual exclusion...
Code injection
An issue was discovered in the generator crate before 0.6.18 for Rust. Uninitialized memory is used by Scope, done, and yield_ during API calls...
CVE-2019-16138
An issue was discovered in the image crate before 0.21.3 for Rust, affecting the HDR image format decoder. Vec::set_len is called on an uninitialized vector, leading to a use-after-free and arbitrary code execution...
Out-of-bounds
An issue was discovered in the compact_arena crate before 0.4.0 for Rust. Generativity is mishandled, leading to an out-of-bounds write or read...
CVE-2019-16144
An issue was discovered in the generator crate before 0.6.18 for Rust. Uninitialized memory is used by Scope, done, and yield_ during API calls...
CVE-2019-16144
CVE-2019-16144 affects the Rust crate named “generator”, prior to version 0.6.18. The issue is that uninitialized memory is used by internal components (Scope, done, and yield_) during API calls, which can lead to undefined behavior. Public advisories (e.g., RustSec/RUSTSEC-2019-0020 and OSV entr...
CVE-2019-16143
The CVE concerns the blake2 crate for Rust, affecting versions before 0.8.1. The root cause is incorrect block sizes when BLAKE2b/BLAKE2s are used with HMAC, causing MAC results to be computed with half the required sizes. Documents consistently describe miscalculation of MAC results (MacResult) ...
CVE-2019-16143
An issue was discovered in the blake2 crate before 0.8.1 for Rust. The BLAKE2b and BLAKE2s algorithms, when used with HMAC, produce incorrect results because the block sizes are half of the required sizes...
CVE-2019-16142
The CVE-2019-16142 issue affects the renderdoc crate for Rust prior to 0.5.0, where multiple exposed methods take self by immutable reference. This design is incompatible with a mutable interior state and can be unsafe when called from multiple threads without synchronization. Reported across Red...
CVE-2019-16141
An issue was discovered in the once_cell crate before 1.0.1 for Rust. There is a panic during initialization of Lazy...
CVE-2019-16141
CVE-2019-16141 concerns the Rust crate once_cell prior to 1.0.1. The issue is a panic during initialization of the Lazy static. Concrete details across connected sources confirm the affected component (once_cell) and the root cause (panic in Lazy initialization). No explicit exploit vectors or i...
CVE-2019-16141
An issue was discovered in the once_cell crate before 1.0.1 for Rust. There is a panic during initialization of Lazy...
CVE-2019-16139
The CVE-2019-16139 issue affects the Rust crate compact_arena prior to 0.4.0, where flawed generativity handling allowed an out-of-bounds write or read. Exploitation involves mixing indices between arenas, enabling memory access violations. The root cause is improper generativity implementation; ...
CVE-2019-16138
An issue was discovered in the image crate before 0.21.3 for Rust, affecting the HDR image format decoder. Vec::set_len is called on an uninitialized vector, leading to a use-after-free and arbitrary code execution...
CVE-2019-16138
CVE-2019-16138 affects the Rust image crate, specifically the HDR image format decoder, where Vec::set_len is invoked on an uninitialized vector, causing a use-after-free and potential arbitrary code execution. The issue impacts the image crate prior to version 0.21.3. According to the connected ...