2521 matches found

OSV
added 2021/08/25 8:53 p.m. | 15 views

GHSA-3MF3-2GV9-H39J Uninitialized buffer use in marc

Affected versions of this crate pass an uninitialized buffer to a user-provided `Read` implementation (`Record::read`). Arbitrary `Read` implementations can read from the uninitialized buffer (memory exposure) and can also return an incorrect number of bytes written to the buffer. Reading from uninitialize...

CVSS 7.5 | AI score 7.3 | EPSS 0.01498
Exploits: 1 | References: 5
GitHub Security Blog
added 2021/08/25 8:53 p.m. | 44 views

Uninitialized buffer use in marc

Affected versions of this crate pass an uninitialized buffer to a user-provided `Read` implementation (`Record::read`). Arbitrary `Read` implementations can read from the uninitialized buffer (memory exposure) and can also return an incorrect number of bytes written to the buffer. Reading from uninitialize...

CVSS 7.5 | AI score 7.2 | EPSS 0.01498
Exploits: 1 | References: 5 | Affected Software: 1
GitHub Security Blog
added 2021/08/25 8:53 p.m. | 28 views

Soundness issue in raw-cpuid

`VendorInfo::as_string`, `SoCVendorBrand::as_string`, and `ExtendedFunctionInfo::processor_brand_string` construct byte slices using `std::slice::from_raw_parts`, with data coming from `repr(Rust)` structs. This is always undefined behavior. This flaw has been fixed in v9.0.0, by making the relevant structs `repr(C)`...

CVSS 7.5 | AI score 7.3 | EPSS 0.01261
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2021/08/25 8:53 p.m. | 19 views

GHSA-HVQC-PC78-X9WH Soundness issue in raw-cpuid

`VendorInfo::as_string`, `SoCVendorBrand::as_string`, and `ExtendedFunctionInfo::processor_brand_string` construct byte slices using `std::slice::from_raw_parts`, with data coming from `repr(Rust)` structs. This is always undefined behavior. This flaw has been fixed in v9.0.0, by making the relevant structs `repr(C)`...

CVSS 7.5 | AI score 6.2 | EPSS 0.01261
Exploits: 1 | References: 5
GitHub Security Blog
added 2021/08/25 8:52 p.m. | 26 views

Read on uninitialized buffer in postscript

Affected versions of this crate pass an uninitialized buffer to a user-provided `Read` implementation. Arbitrary `Read` implementations can read from the uninitialized buffer (memory exposure) and can also return an incorrect number of bytes written to the buffer. Reading from uninitialized memory...

CVSS 7.5 | AI score 7.2 | EPSS 0.01489
Exploits: 1 | References: 5 | Affected Software: 1
OSV
added 2021/08/25 8:52 p.m. | 13 views

GHSA-FHVC-GP6C-H2WX Read on uninitialized buffer in postscript

Affected versions of this crate pass an uninitialized buffer to a user-provided `Read` implementation. Arbitrary `Read` implementations can read from the uninitialized buffer (memory exposure) and can also return an incorrect number of bytes written to the buffer. Reading from uninitialized memory...

CVSS 7.5 | AI score 7.4 | EPSS 0.01489
Exploits: 1 | References: 5
OSV
added 2021/08/25 8:51 p.m. | 17 views

GHSA-3HJ2-HH36-HV9V Data race in va-ts

In the affected versions of this crate, Demuxer unconditionally implemented Send with no trait bounds on T. This allows sending a non-Send type T across thread boundaries, which can cause undefined behavior like unlocking a mutex from a thread that didn't lock the mutex, or memory corruption from...

CVSS 5.9 | AI score 5.8 | EPSS 0.00801
Exploits: 1 | References: 4
GitHub Security Blog
added 2021/08/25 8:51 p.m. | 30 views

Data race in va-ts

In the affected versions of this crate, Demuxer unconditionally implemented Send with no trait bounds on T. This allows sending a non-Send type T across thread boundaries, which can cause undefined behavior like unlocking a mutex from a thread that didn't lock the mutex, or memory corruption from...

CVSS 5.9 | AI score 5.9 | EPSS 0.00801
Exploits: 1 | References: 4 | Affected Software: 1
OSV
added 2021/08/25 8:51 p.m. | 22 views

GHSA-JPHW-P3M6-PJ3C Data races in multiqueue2

Affected versions of this crate unconditionally implemented Send for types used in queue implementations (InnerSend, InnerRecv, FutInnerSend, FutInnerRecv). This allows users to send non-Send types to other threads, which can lead to data race bugs or other undefined behavior. The flaw was correcte...

CVSS 5.9 | AI score 5.7 | EPSS 0.01107
Exploits: 1 | References: 4
GitHub Security Blog
added 2021/08/25 8:51 p.m. | 27 views

Data races in multiqueue2

Affected versions of this crate unconditionally implemented Send for types used in queue implementations (InnerSend, InnerRecv, FutInnerSend, FutInnerRecv). This allows users to send non-Send types to other threads, which can lead to data race bugs or other undefined behavior. The flaw was correcte...

CVSS 5.9 | AI score 5.7 | EPSS 0.01107
Exploits: 1 | References: 4 | Affected Software: 1
GitHub Security Blog
added 2021/08/25 8:50 p.m. | 23 views

Data races in late-static

Affected versions of this crate implemented Sync for LateStatic with T: Send, making it possible to create a data race on a type T: Send + !Sync (e.g. Cell). This can result in memory corruption or other kinds of undefined behavior. The flaw was corrected in commit 11f396c by replacing the T:...

CVSS 7 | AI score 6.7 | EPSS 0.00357
Exploits: 1 | References: 5 | Affected Software: 1
OSV
added 2021/08/25 8:50 p.m. | 11 views

GHSA-WR55-MF5C-HHWM Data races in late-static

Affected versions of this crate implemented Sync for LateStatic with T: Send, making it possible to create a data race on a type T: Send + !Sync (e.g. Cell). This can result in memory corruption or other kinds of undefined behavior. The flaw was corrected in commit 11f396c by replacing the T:...

CVSS 7 | AI score 6.9 | EPSS 0.00357
Exploits: 1 | References: 5
GitHub Security Blog
added 2021/08/25 8:50 p.m. | 32 views

Data races in gfwx

In the affected versions of this crate, ImageChunkMut unconditionally implements Send and Sync, allowing data races to be created. This can result in memory corruption or undefined behavior when non-thread-safe types are moved and referenced across thread boundaries. The flaw was corrected in commi...

CVSS 7 | AI score 6.7 | EPSS 0.00344
Exploits: 1 | References: 4 | Affected Software: 1
OSV
added 2021/08/25 8:50 p.m. | 13 views

GHSA-XP6V-QX65-4PP7 Data races in gfwx

In the affected versions of this crate, ImageChunkMut unconditionally implements Send and Sync, allowing data races to be created. This can result in memory corruption or undefined behavior when non-thread-safe types are moved and referenced across thread boundaries. The flaw was corrected in commi...

CVSS 7 | AI score 6.9 | EPSS 0.00344
Exploits: 1 | References: 4
OSV
added 2021/08/25 8:47 p.m. | 12 views

GHSA-Q948-X8RF-888M os_str_bytes relies on undefined behavior of `char::from_u32_unchecked`

The Windows implementation of this crate relied on the behavior of `std::char::from_u32_unchecked` when its safety clause is violated. Even though this worked with Rust versions up to 1.42 at least, that behavior could change with any new Rust version, possibly leading to a security issue. The flaw was...

CVSS 7.5 | AI score 7.5 | EPSS 0.01336
Exploits: 0 | References: 4
GitHub Security Blog
added 2021/08/25 8:47 p.m. | 29 views

os_str_bytes relies on undefined behavior of `char::from_u32_unchecked`

The Windows implementation of this crate relied on the behavior of `std::char::from_u32_unchecked` when its safety clause is violated. Even though this worked with Rust versions up to 1.42 at least, that behavior could change with any new Rust version, possibly leading to a security issue. The flaw was...

CVSS 7.5 | AI score 7.3 | EPSS 0.01336
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2021/08/25 8:46 p.m. | 5 views

GHSA-R98R-J25Q-RMPR Rust Failure Crate Vulnerable to Type confusion

Safe Rust code can implement a malfunctioning `__private_get_type_id__` and cause type confusion when downcasting, which is undefined behavior. Users who derive the Fail trait are not affected...

CVSS 9.8 | AI score 7.2 | EPSS 0.02851
Exploits: 1 | References: 4
GitHub Security Blog
added 2021/08/25 8:46 p.m. | 26 views

Rust Failure Crate Vulnerable to Type confusion

Safe Rust code can implement a malfunctioning `__private_get_type_id__` and cause type confusion when downcasting, which is undefined behavior. Users who derive the Fail trait are not affected...

CVSS 9.8 | AI score 9 | EPSS 0.01475
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2021/08/25 8:44 p.m. | 17 views

GHSA-5RRV-M36H-QWF8 Use-after-free in chttp

The From implementation for Vec was not properly implemented, returning a vector backed by freed memory. This could lead to memory corruption or be exploited to cause undefined behavior. A fix was published in version 0.1.3...

CVSS 9.8 | AI score 9.5 | EPSS 0.01634
Exploits: 0 | References: 5
OSV
added 2021/08/25 8:44 p.m. | 13 views

GHSA-C3M3-C39Q-PV23 Out of bounds write in slice-deque

Affected versions of this crate entered a corrupted state if `mem::size_of::<T>() % allocation_granularity() != 0` and a specific allocation pattern was used: sufficiently shifting the deque elements over the mirrored page boundary. This allows an attacker that controls both element insertion and...

CVSS 9.8 | AI score 9.2 | EPSS 0.01611
Exploits: 0 | References: 4