44 matches found
EUVD-2021-1734
Malware in sbrugna...
EUVD-2021-1677
Malware in sbrugna...
CVE-2020-35864
An issue was discovered in the flatbuffers crate through 2020-04-11 for Rust. readscalar and readscalarat can transmute values without unsafe blocks...
CVE-2019-25004
An issue was discovered in the flatbuffers crate before 0.6.1 for Rust. Arbitrary bytes can be reinterpreted as a bool, defeating soundness...
arrow (>=0.14.0 <=4.4.0), arrow-flight (>=2.0.0 <=4.4.0) +73 more potentially affected by unknown CVE via flatbuffers (>=0.4.0 <=22.12.6)
flatbuffers CARGO version =0.4.0, =0.14.0, =2.0.0, =1.0.0, =0.2.0, =0.1.0, =0.2.0, =0.1.0, =0.1.0, =0.17.0, =0.1.1, =0.1.0, =0.1.0, =0.1.3 and more Source cves: unknown CVE Source advisory: OSV:GHSA-3JCH-9QGP-4844...
Generated code can read and write out of bounds in safe code
Code generated by flatbuffers' compiler is unsafe but not marked as such. See https://github.com/google/flatbuffers/issues/6627 for details. All users that use generated code by flatbuffers compiler are recommended to: 1. not expose flatbuffer generated code as part of their public APIs 2. audit...
GHSA-3JCH-9QGP-4844 Generated code can read and write out of bounds in safe code
Code generated by flatbuffers' compiler is unsafe but not marked as such. See https://github.com/google/flatbuffers/issues/6627 for details. All users that use generated code by flatbuffers compiler are recommended to: 1. not expose flatbuffer generated code as part of their public APIs 2. audit...
OSV-2021-1678 Heap-buffer-overflow in flatbuffers::EscapeString
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42244 Crash type: Heap-buffer-overflow READ 1 Crash state: flatbuffers::EscapeString flexbuffers::Reference::ToString void flexbuffers::AppendToString...
arrow (>=0.14.0 <=4.4.0), arrow-flight (>=2.0.0 <=4.4.0) +73 more potentially affected by unknown CVE via flatbuffers (>=0.4.0 <=22.12.6)
flatbuffers CARGO version =0.4.0, =0.14.0, =2.0.0, =1.0.0, =0.2.0, =0.1.0, =0.2.0, =0.1.0, =0.1.0, =0.17.0, =0.1.1, =0.1.0, =0.1.0, =0.1.3 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2021-0122...
Generated code can read and write out of bounds in safe code
Code generated by flatbuffers' compiler is unsafe but not marked as such. See https://github.com/google/flatbuffers/issues/6627 for details. For example, if generated code is used to decode malformed or untrusted input, undefined behavior and thus security vulnerabilities is possible even without...
RUSTSEC-2021-0122 Generated code can read and write out of bounds in safe code
Code generated by flatbuffers' compiler is unsafe but not marked as such. See https://github.com/google/flatbuffers/issues/6627 for details. For example, if generated code is used to decode malformed or untrusted input, undefined behavior and thus security vulnerabilities is possible even without...
OSV-2021-1249 Heap-buffer-overflow in int flatbuffers::ReadScalar<int>
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38578 Crash type: Heap-buffer-overflow READ 4 Crash state: int flatbuffers::ReadScalar flatbuffers::Table::GetVTable flatbuffers::Table::GetOptionalFieldOffset...
OSV-2021-1229 Heap-buffer-overflow in flatbuffers::JsonPrinter::GenFieldOffset
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38371 Crash type: Heap-buffer-overflow READ 4 Crash state: flatbuffers::JsonPrinter::GenFieldOffset flatbuffers::JsonPrinter::GenStruct flatbuffers::GenerateText...
abd-clam (>=0.10.0-dev0 <=0.12.1), alopex-dataframe (=0.2.0) +361 more potentially affected by CVE-2020-35864 via flatbuffers (>=0.4.0 <=25.12.19)
flatbuffers CARGO version =0.4.0, =0.10.0-dev0, =0.3.0, =0.6.0, =0.6.0, =0.14.0, =0.3.0, =28.0.0, =59.0.0 and more Source cves: CVE-2020-35864 Source advisory: OSV:GHSA-C9H5-HF8R-M97X...
GHSA-C9H5-HF8R-M97X Dangling reference in flatbuffers
An issue was discovered in the flatbuffers crate through 2020-04-11 for Rust. readscalar and readscalarat can transmute values without unsafe blocks...
Dangling reference in flatbuffers
An issue was discovered in the flatbuffers crate through 2020-04-11 for Rust. readscalar and readscalarat can transmute values without unsafe blocks...
arrow (>=0.14.0 <=0.15.1), blockbuffers (=0.1.0) +12 more potentially affected by CVE-2019-25004 via flatbuffers (>=0.4.0 <=0.5.0)
flatbuffers CARGO version =0.4.0, =0.14.0, =0.1.8, =0.1.0, =0.0.5, =0.1.0, =0.1.0, =0.2.0, =3.0.0, =1.0.0, =1.1.2, =1.2.0, =1.3.2 Source cves: CVE-2019-25004 Source advisory: OSV:GHSA-GX73-2498-R55C...
GHSA-GX73-2498-R55C Unsound casting in flatbuffers
The implementation of impl Follow for bool allows to reinterpret arbitrary bytes as a bool. In Rust bool has stringent requirements for its in-memory representation. Use of this function allows to violate these requirements and invoke undefined behaviour in safe code...
Unsound casting in flatbuffers
The implementation of impl Follow for bool allows to reinterpret arbitrary bytes as a bool. In Rust bool has stringent requirements for its in-memory representation. Use of this function allows to violate these requirements and invoke undefined behaviour in safe code...
OSV-2021-581 UNKNOWN READ in unsigned short flatbuffers::ReadScalar<unsigned short>
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32647 Crash type: UNKNOWN READ Crash state: unsigned short flatbuffers::ReadScalar flatbuffers::Table::GetOptionalFieldOffset flatbuffers::Table::CheckField...