CVE-2019-15549
An issue was discovered in the asn1der crate before 0.6.2 for Rust. Attackers can trigger memory exhaustion by supplying a large value in a length field...
Design/Logic Flaw
CVE-2017-18589
CVE-2017-18589 affects the Rust cookie crate (pre-0.7.6). The issue arises from using time::Duration::seconds to parse Max-Age; very large integer values trigger a panic, potentially causing DoS. The Red Hat, Debian, GHSA, OSV, and RustSec records corroborate: the vulnerability is caused by Max-A...
CVE-2017-18589
An issue was discovered in the cookie crate before 0.7.6 for Rust. Large integers in the Max-Age of a cookie cause a panic...
CVE-2018-20995
The CVE-2018-20995 issue affects the Rust crate slice-deque prior to 0.1.16. The root cause is move_head_unchecked not updating the deque’s head/tail correctly when updates occur (front insert/remove or mirroring region edge cases), which can lead to memory corruption. Exploitation could cause re...
CVE-2018-20995
An issue was discovered in the slice-deque crate before 0.1.16 for Rust. move_head_unchecked allows memory corruption because deque updates are mishandled...
CVE-2018-20996
An issue was discovered in the crossbeam crate before 0.4.1 for Rust. There is a double free because of destructor mishandling...
CVE-2018-20996
The CVE-2018-20996 issue affects the Rust crossbeam crate prior to 0.4.1, where a destructor mishandling leads to a double free. Affected component: crossbeam crate (Rust) before 0.4.1. Root cause: explicit double free due to destructor handling in the drop path. Impact stated in sources: high/cr...
CVE-2018-20997
An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing...
CVE-2018-20997
CVE-2018-20997 affects the openssl crate for Rust prior to 0.10.9, describing a use-after-free in CMS Signing. The provided documents do not include patch versions, mitigations, or explicit exploitation details; severity is cited as high/critical in external references (e.g., CVSS), but no exploi...
CVE-2018-20998
An issue was discovered in the arrayfire crate before 3.6.0 for Rust. Addition of the repr attribute to an enum is mishandled, leading to memory corruption...
CVE-2018-20998
The CVE-2018-20998 issue affects the arrayfire crate for Rust prior to 3.6.0, where adding repr() to an enum is mishandled and can cause memory corruption. Multiple sources confirm the root cause is the repr() attribute interaction with C-FFI, leading to memory corruption on certain toolchains/Ru...
CVE-2019-15542
An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization...
CVE-2019-15542
An issue in the ammonia crate for Rust (before 2.1.0) causes uncontrolled recursion during HTML DOM tree serialization in the affected component. The documents provide the vulnerability description but do not specify exploit vectors, practical impact beyond potential recursion, or concrete remedi...
CVE-2019-15543
CVE-2019-15543 refers to a memory corruption issue in the Rust slice-deque crate prior to 0.2.0. The vulnerability occurs in certain allocation patterns where mem::size_of::<T>() % allocation_granularity() != 0 can cause memory corruption as elements are moved, enabling reading bytes from adjacent e...
CVE-2019-15543
An issue was discovered in the slice-deque crate before 0.2.0 for Rust. There is memory corruption in certain allocation cases...
CVE-2019-15544
An issue was discovered in the protobuf crate before 2.6.0 for Rust. Attackers can exhaust all memory via Vec::reserve calls...