GHSA-V5M7-53CV-F3HX crossbeam-channel Undefined Behavior before v0.4.4

Impact The affected version of this crate's the bounded channel incorrectly assumes that Vec::fromiter has allocated capacity that same as the number of iterator elements. Vec::fromiter does not actually guarantee that and may allocate extra memory. The destructor of the bounded channel...

GHSA-VFQX-HV88-F9CV Double-free in id-map

A double free can occur in getorinsert upon a panic of a user-provided f function. getorinsert reserves space for a value, before calling the user provided insertion function f. If the function f panics then uninitialized or previously freed memory can be dropped...

Incorrect buffer size in crossbeam-channel

The affected version of this crate's the bounded channel incorrectly assumes that Vec::fromiter has allocated capacity that same as the number of iterator elements. Vec::fromiter does not actually guarantee that and may allocate extra memory. The destructor of the bounded channel reconstructs Vec...

GHSA-M8H8-V6JH-C762 Incorrect buffer size in crossbeam-channel

The affected version of this crate's the bounded channel incorrectly assumes that Vec::fromiter has allocated capacity that same as the number of iterator elements. Vec::fromiter does not actually guarantee that and may allocate extra memory. The destructor of the bounded channel reconstructs Vec...

Double free in alpm-rs

An issue was discovered in the alpm-rs crate through 2020-08-20 for Rust. StrcCtx performs improper memory deallocation...

GHSA-QC4M-GC8R-MG8M Double free in alpm-rs

An issue was discovered in the alpm-rs crate through 2020-08-20 for Rust. StrcCtx performs improper memory deallocation...

Use after free in internment

ArcIntern::drop has a race condition where it can release memory which is about to get another user. The new user will get a reference to freed memory. This was fixed by serializing access to an interned object while it is being deallocated. Versions prior to 0.3.12 used stronger locking which...

GHSA-M7FM-4JFH-JRG6 Use after free in boosted trees creation

Impact The implementation for tf.rawops.BoostedTreesCreateEnsemble can result in a use after free error if an attacker supplies specially crafted arguments: python import tensorflow as tf v= tf.Variable0.0 tf.rawops.BoostedTreesCreateEnsemble treeensemblehandle=v.handle, stamptoken=0,...

GHSA-CMGW-8VPC-RC59 Segfault on strings tensors with mistmatched dimensions, due to Go code

Impact Under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, C.TFTStringDealloc is called during garbage collection within a finalizer function. However, tensor structure isn't checked until encoding to avoid a performance penalty. The current method...

CVE-2021-37692

TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, C.TFTStringDealloc is called during garbage collection within a finalizer function. However, tensor...

Design/Logic Flaw

TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, C.TFTStringDealloc is called during garbage collection within a finalizer function. However, tensor...

PYSEC-2021-803

TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, C.TFTStringDealloc is called during garbage collection within a finalizer function. However, tensor...

CVE-2021-37692

TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, C.TFTStringDealloc is called during garbage collection within a finalizer function. However, tensor...

PYSEC-2021-803

TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, C.TFTStringDealloc is called during garbage collection within a finalizer function. However, tensor...

PYSEC-2021-314

TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, C.TFTStringDealloc is called during garbage collection within a finalizer function. However, tensor...

Unauthorized Access

InspIRCd allows unauthorized access.Any user is able to access recently deallocated memory via a malformed PONG issue...

CVE-2021-33586

InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user able to connect to the server to access recently deallocated memory, aka the "malformed PONG" issue...

libaom 安全漏洞

libaom is a software application. A reference codec for the AOMedia Video 1 format. A security vulnerability exists in libaom image.c in versions prior to AOMedia 21-04-07, which stems from incorrectly freeing memory. No details of the vulnerability are provided at this time...

USN-4710-1: Linux kernel vulnerability

Kiyin 尹亮 discovered that the perf subsystem in the Linux kernel did not properly deallocate memory in some situations. A privileged attacker could use this to cause a denial of service kernel memory exhaustion...

Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4711-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4711-1 advisory. It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY...