25 matches found
USN-8118-1 rust-sized-chunks vulnerabilities
Yechan Bae discovered that sized-chunks did not properly validate array size when constructing Chunk. An attacker could possibly use these issues to cause out-of-bounds access, leading to memory corruption or undefined behavior. CVE-2020-25791, CVE-2020-25792, CVE-2020-25793 Yechan Bae discovered...
USN-8118-1: sized-chunks vulnerabilities
Yechan Bae discovered that sized-chunks did not properly validate array size when constructing Chunk. An attacker could possibly use these issues to cause out-of-bounds access, leading to memory corruption or undefined behavior. CVE-2020-25791, CVE-2020-25792, CVE-2020-25793 Yechan Bae discovered...
EUVD-2021-1969
Malware in sbrugna...
EUVD-2022-2752
Malicious code in bioql PyPI...
ArrayQueue's push_front is not panic-safe
The safe API arrayqueue::ArrayQueue::push_front can lead to deallocating uninitialized memory if a panic occurs while invoking the clone method on the passed argument. Specifically, push_front receives an argument that is intended to be cloned and pushed, whose type implements the Clone trait...
RUSTSEC-2025-0054 ArrayQueue::push_front is not panic-safe
The safe API arrayqueue::ArrayQueue::push_front can lead to deallocating uninitialized memory if a panic occurs while invoking the clone method on the passed argument. Specifically, push_front receives an argument that is intended to be cloned and pushed, whose type implements the Clone trait...
CVE-2021-30455
An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in IdMap::clone_from upon a .clone panic...
CVE-2021-26954
An issue was discovered in the qwutils crate before 0.3.1 for Rust. When a Clone panic occurs, insert_slice_clone can perform a double drop...
Double free
An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in IdMap::clone_from upon a .clone panic...
CVE-2021-30455
Summary: The CVE-2021-30455 entry concerns the Rust id-map crate (up to 2021-02-26) with a vulnerability causing a double free in IdMap::clone_from when a .clone panics. Multiple connected sources corroborate a double-free scenario during cloning, including Red Hat, OSV advisories, CNVD, and CVE ...
CVE-2021-29937
An issue was discovered in the telemetry crate through 2021-02-17 for Rust. There is a drop of uninitialized memory if a value.clone call panics within misc::vec_with_size...
CVE-2021-28034
An issue was discovered in the stackdst crate before 0.6.1 for Rust. Because of the push_inner behavior, a double free can occur upon a val.clone panic...
CVE-2021-28035
An issue was discovered in the stackdst crate before 0.6.1 for Rust. Because of the push_inner behavior, a drop of uninitialized memory can occur upon a val.clone panic...
misc::vec_with_size() can drop uninitialized memory if clone panics
misc::vec_with_size() creates a vector of the provided size and immediately calls vec.set_len(size) on it, initially filling it with uninitialized memory. It then inserts elements using vec[i] = value.clone(). If the value.clone() call panics, uninitialized items in the vector will be dropped leading to...
Double free
An issue was discovered in the qwutils crate before 0.3.1 for Rust. When a Clone panic occurs, insert_slice_clone can perform a double drop...
CVE-2021-26954
CVE-2021-26954 affects the Rust crate qwutils prior to 0.3.1. When a Clone panic occurs, the function insert_slice_clone can perform a double drop (and potentially a double-free) due to temporary ownership duplication during insertion into a Vec. The root cause is related to how ownership is hand...