CVE-2019-15551

An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is a double free for certain grow attempts with the current capacity...

CVE-2019-15551

An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is a double free for certain grow attempts with the current capacity...

CVE-2019-15551

CVE-2019-15551 concerns the Rust smallvec crate prior to 0.6.10. The issue is a double free when growing a SmallVec whose current capacity matches the growth size, potentially enabling use-after-free conditions. Documents from multiple sources (GHSA advisory, Red Hat, SUSE, OSV, Debian, and NVD) ...

CVE-2019-15554

CVE-2019-15554 affects the Rust smallvec crate prior to 0.6.10. The issue is memory corruption when grow is called on a spilled SmallVec with a value smaller than current capacity, with potential to leak memory contents or enable remote code execution per OSV description. No explicit remediation/...

CVE-2019-15554

An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is memory corruption for certain grow attempts with less than the current capacity...

CVE-2019-15554

An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is memory corruption for certain grow attempts with less than the current capacity...

CVE-2019-15553

CVE-2019-15553 affects the memoffset crate for Rust prior to version 0.5.0. The issue in offset_of and span_of can expose uninitialized memory, representing a memory-safety vulnerability. The connected documents confirm this vulnerability description; no exploitation details or patch availability...

CVE-2019-15553

An issue was discovered in the memoffset crate before 0.5.0 for Rust. offsetof and spanof can cause exposure of uninitialized memory...

CVE-2019-15553

An issue was discovered in the memoffset crate before 0.5.0 for Rust. offsetof and spanof can cause exposure of uninitialized memory...

CVE-2019-15550

The CVE-2019-15550 issue affects the simd-json crate for Rust (before 0.1.15). The root cause is an out-of-bounds read caused by memory access that can cross a page boundary during string parsing, risking segmentation faults and service crashes. Several sources (OSV, GHSA/GitHub advisories, Red H...

CVE-2018-21000

CVE-2018-21000 affects the Rust crate safe-transmute prior to 0.10.1. The issue is that a constructor’s arguments are provided in the wrong order, leading to heap memory corruption. This can result in memory corruption or data leakage as described in multiple sources. There is no exploitation det...

CVE-2018-20999

CVE-2018-20999 affects the Rust crate orion (before version 0.11.2). The issue arises from reset() calls that can produce incorrect results by mishandling streaming state. The root cause is that the state could be reset without ensuring proper finalization, leading to corrupted streaming state an...

CVE-2018-20991

An issue was discovered in the smallvec crate before 0.6.3 for Rust. The Iterator implementation mishandles destructors, leading to a double free...

CVE-2018-20991

The CVE-2018-20991 issue affects the Rust smallvec crate up to version 0.6.3. The root cause is an Iterator implementation that mishandles destructors, which can lead to a double free. This vulnerability is documented as affecting smallvec prior to 0.6.3, with multiple advisories (OSV, NVD) confi...

CVE-2018-20991

An issue was discovered in the smallvec crate before 0.6.3 for Rust. The Iterator implementation mishandles destructors, leading to a double free...

CVE-2018-20990

An issue was discovered in the tar crate before 0.4.16 for Rust. Arbitrary file overwrite can occur via a symlink or hardlink in a TAR archive...

CVE-2018-20994

An issue was discovered in the trust-dns-proto crate before 0.5.0-alpha.3 for Rust. There is infinite recursion because DNS message compression is mishandled...

CVE-2018-20992

An issue was discovered in the claxon crate before 0.4.1 for Rust. Uninitialized memory can be exposed because certain decode buffer sizes are mishandled...

CVE-2018-20993

An issue was discovered in the yaml-rust crate before 0.4.1 for Rust. There is uncontrolled recursion during deserialization...

CVE-2018-20994

An issue was discovered in the trust-dns-proto crate before 0.5.0-alpha.3 for Rust. There is infinite recursion because DNS message compression is mishandled...