7 matches found
CVE-2026-57433
CVE-2026-57433 affects Perl’s Storable before 3.41. A signed 32-bit item count read from an SX_HOOK record is added to one and then fed to av_extend; when the count equals I32_MAX the addition overflows to negative, causing av_extend to panic during thaw/retrieve and terminate deserialization. Mu...
CVE-2025-69255 RustFS gRPC GetMetrics deserialization panic enables remote DoS
RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alpha.77, a malformed gRPC GetMetrics request causes getmetrics to unwrap failed deserialization of metrictype/opts, panicking the handler thread and enabling remote denial of service of the metrics...
CVE-2025-69255 RustFS gRPC GetMetrics deserialization panic enables remote DoS
RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alpha.77, a malformed gRPC GetMetrics request causes getmetrics to unwrap failed deserialization of metrictype/opts, panicking the handler thread and enabling remote denial of service of the metrics...
EUVD-2026-1161
RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alpha.77, a malformed gRPC GetMetrics request causes getmetrics to unwrap failed deserialization of metrictype/opts, panicking the handler thread and enabling remote denial of service of the metrics...
CVE-2025-69255 RustFS gRPC GetMetrics deserialization panic enables remote DoS
RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alpha.77, a malformed gRPC GetMetrics request causes getmetrics to unwrap failed deserialization of metrictype/opts, panicking the handler thread and enabling remote denial of service of the metrics...
CVE-2021-28033
An issue was discovered in the bytestruct crate before 0.6.1 for Rust. There can be a drop of uninitialized memory if a certain deserialization method panics...
CVE-2021-28033
An issue was discovered in the bytestruct crate before 0.6.1 for Rust. There can be a drop of uninitialized memory if a certain deserialization method panics...