CVE-2019-16137
An issue was discovered in the spin crate before 0.5.2 for Rust, when RwLock is used. Because memory ordering is mishandled, two writers can acquire the lock at the same time, violating mutual exclusion...
CVE-2019-16137
CVE-2019-16137 affects the spin crate for Rust (before version 0.5.2) where the RwLock memory ordering is mishandled. The underlying issue can allow two writers to acquire the lock simultaneously, violating mutual exclusion. This is documented across multiple sources (NVD, Red Hat, SUSE, OSV, Git...
CVE-2019-16140
CVE-2019-16140 affects the Rust chttp crate prior to version 0.1.3, with a use-after-free in the buffer conversion path. The From implementation for Vec can return a vector backed by freed memory, risking memory corruption or undefined behavior. A fix was published in 0.1.3. Remediation: upgrade ...
FreeBSD : oniguruma -- multiple vulnerabilities (a8d87c7a-d1b1-11e9-a616-0992a4564e7c)
A use-after-free in onig_new_deluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte...
CVE-2019-16140
An issue was discovered in the chttp crate before 0.1.3 for Rust. There is a use-after-free during buffer conversion...
UBUNTU-CVE-2019-10052
An issue was discovered in Suricata 4.1.3. If the network packet does not have the right length, the parser tries to access a part of a DHCP packet. At this point, the Rust environment runs into a panic in parse_clientid_option in the dhcp/parser.rs file...
ncurses crate for Rust buffer overflow vulnerability
ncurses crate for Rust is a Rust-based library for writing terminal-independent text-based user interfaces. A buffer overflow vulnerability exists in ncurses crate for Rust 5.99.0 and prior versions of instr and mvwinstr, which can be exploited by an attacker to cause a buffer overflow or heap...
memoffset crate for Rust information disclosure vulnerability
memoffset crate for Rust is a Rust-based package for calculating offsets for structural members and their spans. An information disclosure vulnerability exists in versions of memoffset crate for Rust prior to 0.5.0, which can be exploited by an unauthorized attacker to obtain sensitive informatio...
rust-protobuf out-of-memory vulnerability
rust-protobuf is a Rust implementation of the Google protocol buffer. An out-of-memory vulnerability exists in rust-protobuf versions prior to 2.6.0. An attacker can exploit this vulnerability to exhaust all memory via the Vec::reserve call...
CVE-2019-15547
An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are format string issues in printw functions because C format arguments are mishandled...
CVE-2019-15543
An issue was discovered in the slice-deque crate before 0.2.0 for Rust. There is memory corruption in certain allocation cases...
CVE-2019-15546
An issue was discovered in the pancurses crate through 0.16.1 for Rust. printw and mvprintw have format string vulnerabilities...
CVE-2019-15548
An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are instr and mvwinstr buffer overflows because interaction with C functions is mishandled...
CVE-2019-15542
An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization...
CVE-2019-15544
An issue was discovered in the protobuf crate before 2.6.0 for Rust. Attackers can exhaust all memory via Vec::reserve calls...
CVE-2017-18588
An issue was discovered in the security-framework crate before 0.1.12 for Rust. Hostname verification for certificates does not occur if ClientBuilder uses custom root certificates...