2519 matches found
GHSA-P6GJ-GPC8-F8XW Aliased mutable references from `tls_rand` & `TlsWyRand`
TlsWyRand's implementation of Deref unconditionally dereferences a raw pointer, and returns multiple mutable references to the same object, which is undefined behavior...
AtomicBucket<T> unconditionally implements Send/Sync
In the affected versions of the crate, AtomicBucket unconditionally implements Send/Sync traits. Therefore, users can create a data race to the inner T: !Sync by using the AtomicBucket::datawith API. Such data races can potentially cause memory corruption or other undefined behavior. The flaw was...
GHSA-3HXH-7JXM-59X4 AtomicBucket<T> unconditionally implements Send/Sync
In the affected versions of the crate, AtomicBucket unconditionally implements Send/Sync traits. Therefore, users can create a data race to the inner T: !Sync by using the AtomicBucket::datawith API. Such data races can potentially cause memory corruption or other undefined behavior. The flaw was...
Deserialization functions pass uninitialized memory to user-provided Read
Affected versions of this crate passed an uninitialized buffer to a user-provided Read instance in: deserializebinary deserializestring deserializeextensionothers deserializestringprimitive This can result in safe Read implementations reading from the uninitialized buffer leading to undefined...
GHSA-M325-RXJV-PWPH Deserialization functions pass uninitialized memory to user-provided Read
Affected versions of this crate passed an uninitialized buffer to a user-provided Read instance in: deserializebinary deserializestring deserializeextensionothers deserializestringprimitive This can result in safe Read implementations reading from the uninitialized buffer leading to undefined...
Reading on uninitialized buffer may cause UB ( `gfx_auxil::read_spirv()` )
Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...
GHSA-28P5-7RG4-8V99 Reading on uninitialized buffer may cause UB ( `gfx_auxil::read_spirv()` )
Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...
`Read` on uninitialized buffer may cause UB ( `read_entry()` )
Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. There are two of such cases gooffsetlog::readentry & offsetlog::readentry. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect...
GHSA-P56P-GQ3F-WHG8 `Read` on uninitialized buffer may cause UB ( `read_entry()` )
Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. There are two of such cases gooffsetlog::readentry & offsetlog::readentry. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect...
GHSA-MPG5-FVWP-42M2 Unsoundness in `dashmap` references
Reference returned by some methods of Ref and similar types may outlive the Ref and escape the lock. This causes undefined behavior and may result in a segfault. More information in dashmap167 issue...
`Read` on uninitialized memory may cause UB (fn preamble_skipcount())
Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation within fn preambleskipcount. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading fro...
GHSA-R67P-M7G9-GXW6 `Read` on uninitialized memory may cause UB (fn preamble_skipcount())
Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation within fn preambleskipcount. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading fro...
Non-aligned u32 read in Chacha20 encryption and decryption
The implementation does not enforce alignment requirements on input slices while incorrectly assuming 4-byte alignment through an unsafe call to std::slice::fromrawpartsmut, which breaks the contract and introduces undefined behavior. This affects Chacha20 encryption and decryption in crypto2...
GHSA-PMCV-MGCF-RVXG Non-aligned u32 read in Chacha20 encryption and decryption
The implementation does not enforce alignment requirements on input slices while incorrectly assuming 4-byte alignment through an unsafe call to std::slice::fromrawpartsmut, which breaks the contract and introduces undefined behavior. This affects Chacha20 encryption and decryption in crypto2...
GHSA-CXCC-Q839-2CW9 columnar: `Read` on uninitialized buffer may cause UB (ColumnarReadExt::read_typed_vec())
Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation ColumnarReadExt::readtypedvec. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading...
InputStream::read_exact : `Read` on uninitialized buffer causes UB
Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...
GHSA-HMX9-JM3V-33HV InputStream::read_exact : `Read` on uninitialized buffer causes UB
Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...
`Read` on uninitialized buffer can cause UB (impl of `ReadKVExt`)
Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...
GHSA-5PHC-849H-VCXG `Read` on uninitialized buffer can cause UB (impl of `ReadKVExt`)
Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...
`read` on uninitialized buffer may cause UB (bite::read::BiteReadExpandedExt::read_framed_max)
Affected versions of this crate calls a user provided Read implementation on an uninitialized buffer. Read on uninitialized buffer is defined as undefined behavior in Rust...