GHSA-XG8P-34W2-J49J linked_list_allocator vulnerable to out-of-bound writes on `Heap` initialization and `Heap::extend`

Impact What kind of vulnerability is it? Who is impacted? This vulnerability impacts all the initialization functions on the Heap and LockedHeap types, including Heap::new, Heap::init, Heap::initfromslice, and LockedHeap::new. It also affects multiple uses of the Heap::extend method. Initializati...

linked_list_allocator vulnerable to out-of-bound writes on `Heap` initialization and `Heap::extend`

Impact What kind of vulnerability is it? Who is impacted? This vulnerability impacts all the initialization functions on the Heap and LockedHeap types, including Heap::new, Heap::init, Heap::initfromslice, and LockedHeap::new. It also affects multiple uses of the Heap::extend method. Initializati...

Rust-WebSocket memory allocation based on untrusted length

Impact Untrusted websocket connections can cause an out-of-memory OOM process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based on the declared dataframe size, which may come from an untrusted source. When...

GHSA-QRJV-RF5Q-QPXC Rust-WebSocket memory allocation based on untrusted length

Impact Untrusted websocket connections can cause an out-of-memory OOM process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based on the declared dataframe size, which may come from an untrusted source. When...

Unbounded memory allocation based on untrusted length

Impact Untrusted websocket connections can cause an out-of-memory OOM process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based on the declared dataframe size, which may come from an untrusted source. When...

Uncontrolled Recursion in rulex

Impact When parsing untrusted rulex expressions, the stack may overflow, possibly enabling a Denial of Service attack. This happens when parsing an expression with several hundred levels of nesting, causing the process to abort immediately. This is a security concern for you, if - your service...

Sniffglue - Secure Multithreaded Packet Sniffer

sniffglue is a network sniffer written in rust. Network packets are parsed concurrently using a thread pool to utilize all cpu cores. Project goals are that you can run sniffglue securely on untrusted networks and that it must not crash when processing packets. The output should be as useful as...