633 matches found
move_elements can double-free objects on panic
Affected versions of scratchpad used ptr::read to read elements while calling a user provided function f on them. Since the pointer read duplicates ownership, a panic inside the user provided f function could cause a double free when unwinding. The flaw was fixed in commit 891561bea by removing t...
GHSA-3QM2-RFQW-FMRW move_elements can double-free objects on panic
Affected versions of scratchpad used ptr::read to read elements while calling a user provided function f on them. Since the pointer read duplicates ownership, a panic inside the user provided f function could cause a double free when unwinding. The flaw was fixed in commit 891561bea by removing t...
Use After Free in lru
The lru crate has two functions for getting an iterator. Both iterators give references to the key and value. Calling specific functions, like pop, will remove and free the value, but it's still possible to access the reference to the value, which is already dropped, causing a use after free...
GHSA-V362-2895-H9R2 Use After Free in lru
The lru crate has two functions for getting an iterator. Both iterators give references to the key and value. Calling specific functions, like pop, will remove and free the value, but it's still possible to access the reference to the value, which is already dropped, causing a use after free...
GSD-2021-1002833 KVM: x86/mmu: Don't advance iterator after restart due to yielding
KVM: x86/mmu: Don't advance iterator after restart due to yielding. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.12 by commit...
Design/Logic Flaw
An issue was discovered in the lru crate before 0.7.1 for Rust. The iterators have a use-after-free, as demonstrated by an access after a pop operation...
Use after free in lru crate
The lru crate has a use-after-free vulnerability. The lru crate has two functions for getting an iterator. Both iterators give references to the key and value. Calling specific functions, like pop, will remove and free the value, but it's still possible to access the reference to the value which is already...
RUSTSEC-2021-0130 Use after free in lru crate
The lru crate has a use-after-free vulnerability. The lru crate has two functions for getting an iterator. Both iterators give references to the key and value. Calling specific functions, like pop, will remove and free the value, but it's still possible to access the reference to the value which is already...
Denial Of Service (DoS)
rustc:sid is vulnerable to denial of service. The Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again...
Gravity null pointer dereference vulnerability
Gravity is a powerful, dynamically typed, lightweight, embedded programming language written in C. A null pointer dereference vulnerability exists in the list_iterator_next function in gravity_core.c in Gravity 0.8.1 and earlier versions. An attacker could exploit this vulnerability to cause a denia...
CVE-2021-32285
An issue was discovered in gravity through 0.8.1. A NULL pointer dereference exists in the function list_iterator_next located in gravity_core.c. It allows an attacker to cause Denial of Service...
GHSA-WCVP-R8J8-47PC Double free in toodee
When inserting rows from an iterator at a particular index, toodee would shift items over, duplicating their ownership. The space reserved for the new elements was based on the len returned by the ExactSizeIterator. This could result in elements in the array being freed twice if the iterator...
Double free in toodee
When inserting rows from an iterator at a particular index, toodee would shift items over, duplicating their ownership. The space reserved for the new elements was based on the len returned by the ExactSizeIterator. This could result in elements in the array being freed twice if the iterator...
GHSA-6GVC-4JVJ-PWQ4 Duplicate Advisory: Use after free in libpulse-binding
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-f56g-chqp-22m9. This link is maintained to preserve external references. Original Description: An issue was discovered in the libpulse-binding crate before 2.5.0 for Rust. proplist::Iterator can cause a...
Duplicate Advisory: Use after free in libpulse-binding
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-f56g-chqp-22m9. This link is maintained to preserve external references. Original Description: An issue was discovered in the libpulse-binding crate before 2.5.0 for Rust. proplist::Iterator can cause a...
GHSA-JPWG-6GF5-5VH9 Out of bounds write in reorder
swap_index takes an iterator and swaps the items with their corresponding indexes. It reserves capacity and sets the length of the vector based on the .len method of the iterator. If the len returned by the iterator is larger than the actual number of elements yielded, then swap_index creates a...
Out of bounds write in reorder
swap_index takes an iterator and swaps the items with their corresponding indexes. It reserves capacity and sets the length of the vector based on the .len method of the iterator. If the len returned by the iterator is larger than the actual number of elements yielded, then swap_index creates a...
Out of bounds write in reorder
swap_index takes an iterator and swaps the items with their corresponding indexes. It reserves capacity and sets the length of the vector based on the .len method of the iterator. If the len returned by the iterator is larger than the actual number of elements yielded, then swap_index creates a...
GHSA-3H87-V52R-P9RG Out of bounds write in reorder
swap_index takes an iterator and swaps the items with their corresponding indexes. It reserves capacity and sets the length of the vector based on the .len method of the iterator. If the len returned by the iterator is larger than the actual number of elements yielded, then swap_index creates a...
GHSA-RXR4-X558-X7HW Double free in smallvec
If an iterator passed to SmallVec::insert_many panicked in Iterator::next, destructors were run during unwinding while the vector was in an inconsistent state, possibly causing a double free (a destructor running on two copies of the same value). This is fixed in smallvec 0.6.3 by ensuring that the...