
39 matches found

OSV
added 2026/05/15 6:9 p.m., 2 views

GHSA-VFVV-C25P-M7MM rkyv: Panic safety bugs in `InlineVec::clear` and `SerVec::clear` enable arbitrary code execution

InlineVec::clear and SerVec::clear in rkyv were not panic-safe. Both functions iterate over their elements and call drop_in_place on each, updating self.len only after the loop. If an element's Drop implementation panics during the loop, self.len is left at its original value. A subsequent invocati...

6.9 CVSS, 5.8 AI score
Exploits: 0, References: 3
Github Security Blog
added 2026/05/15 6:9 p.m., 11 views

rkyv: Panic safety bugs in `InlineVec::clear` and `SerVec::clear` enable arbitrary code execution

InlineVec::clear and SerVec::clear in rkyv were not panic-safe. Both functions iterate over their elements and call drop_in_place on each, updating self.len only after the loop. If an element's Drop implementation panics during the loop, self.len is left at its original value. A subsequent invocati...

5.8 AI score
Exploits: 0, References: 3, Affected Software: 1
AstraLinux
added 2026/05/03 11:59 p.m., 2 views

Astra Linux - vulnerability in rustc

In the standard library of Rust before version 1.2.0, BinaryHeap is not panic-safe. The binary heap is left in an inconsistent state when the comparison of generic elements within sift_up or sift_down_range causes a panic. This bug results in a decrease of zeroed memory of an arbitrary type, which c...

7.5 CVSS, 7.2 AI score, 0.00274 EPSS
Exploits: 1, References: 1
OSV
added 2026/04/23 12:0 p.m., 1 views

RUSTSEC-2026-0122 Potential use-after-free due to lack of panic safety in `InlineVec::clear` and `SerVec::clear`

InlineVec::clear and SerVec::clear in rkyv were not panic-safe. Both functions iterate over their elements and call drop_in_place on each, updating self.len only after the loop. If an element's Drop implementation panics during the loop, self.len is left at its original value. A subsequent invocati...

5.8 AI score
Exploits: 0, References: 3
RustSec
added 2026/04/23 12:0 p.m., 5 views

Potential use-after-free due to lack of panic safety in `InlineVec::clear` and `SerVec::clear`

InlineVec::clear and SerVec::clear in rkyv were not panic-safe. Both functions iterate over their elements and call drop_in_place on each, updating self.len only after the loop. If an element's Drop implementation panics during the loop, self.len is left at its original value. A subsequent invocati...

5.8 AI score
Exploits: 0, Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2020-23859

Malware in sbrugna...

7.5 CVSS, 7.6 AI score, 0.00192 EPSS
Exploits: 1, References: 8
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2015-2105

Malware in sbrugna...

7.5 CVSS, 7.5 AI score, 0.00274 EPSS
Exploits: 1, References: 4
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-15529

Malware in sbrugna...

5.3 CVSS, 5.6 AI score, 0.00419 EPSS
Exploits: 1, References: 13
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2025-29529

Malicious code in bioql PyPI...

6.6 AI score
Exploits: 0, References: 4
OSV
added 2025/09/02 5:35 p.m., 3 views

GHSA-XQJR-WFX3-GMXV ArrayQueue's push_front is not panic-safe

The safe API array_queue::ArrayQueue::push_front can lead to deallocating uninitialized memory if a panic occurs while invoking the clone method on the passed argument. Specifically, push_front receives an argument that is intended to be cloned and pushed, whose type implements the Clone trait...

6.9 CVSS, 6.9 AI score
Exploits: 0, References: 4
Github Security Blog
added 2025/09/02 5:35 p.m., 5 views

ArrayQueue's push_front is not panic-safe

The safe API array_queue::ArrayQueue::push_front can lead to deallocating uninitialized memory if a panic occurs while invoking the clone method on the passed argument. Specifically, push_front receives an argument that is intended to be cloned and pushed, whose type implements the Clone trait...

6.9 AI score
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2025/08/14 12:0 p.m., 2 views

RUSTSEC-2025-0054 ArrayQueue::push_front is not panic-safe

The safe API array_queue::ArrayQueue::push_front can lead to deallocating uninitialized memory if a panic occurs while invoking the clone method on the passed argument. Specifically, push_front receives an argument that is intended to be cloned and pushed, whose type implements the Clone trait...

6.9 AI score
Exploits: 0, References: 3
Tenable Nessus
added 2023/11/07 12:0 a.m., 41 views

Rocky Linux 8 : rust-toolset:rhel8 (RLSA-2021:1935)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:1935 advisory. - In the standard library in Rust before 1.49.0, String::retain function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when...

9.8 CVSS, 7.9 AI score, 0.00356 EPSS
Exploits: 2, References: 5
SUSE CVE
added 2023/02/15 3:50 a.m., 2 views

SUSE CVE-2020-36317

In the standard library in Rust before 1.49.0, String::retain function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the sa...

5.3 CVSS, 7.3 AI score, 0.00192 EPSS
Exploits: 1, References: 3
SUSE CVE
added 2023/02/15 3:43 a.m., 1 views

SUSE CVE-2021-28876

In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked more than once for the same index when the underlying iterator panics in certain conditions. This bug could lead to a memory safety violation due to an unmet safety...

7.5 CVSS, 9.4 AI score, 0.00419 EPSS
Exploits: 1, References: 3
Veracode
added 2021/10/11 2:2 a.m., 25 views

Denial Of Service (DoS)

rustc:sid is vulnerable to denial of service. The String::retain function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the...

7.5 CVSS, 3.7 AI score, 0.00192 EPSS
Exploits: 1, References: 3, Affected Software: 1
Github Security Blog
added 2021/08/25 8:45 p.m., 23 views

Missing release of memory in sized-chunks

Chunk: Array size is not checked when constructed with unit and pair. Array size is not checked when constructed with From. Clone and insert_from are not panic-safe; a panicking iterator causes memory safety issues with them. InlineArray: Generates unaligned references for types with a large...

7.5 CVSS, 7.8 AI score, 0.00433 EPSS
Exploits: 1, References: 4, Affected Software: 1
Tenable Nessus
added 2021/08/16 12:0 a.m., 42 views

CentOS 8 : rust-toolset:rhel8 (CESA-2021:3063)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:3063 advisory. - rust: optimization for joining strings can cause uninitialized bytes to be exposed CVE-2020-36323 - rust: heap-based buffer overflow in read_to_end...

9.8 CVSS, 7.1 AI score, 0.011 EPSS
Exploits: 5, References: 8
RedHat Linux
added 2021/08/10 4:14 p.m., 0 views

rust: panic safety issue in Zip implementation

In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked more than once for the same index when the underlying iterator panics in certain conditions. This bug could lead to a memory safety violation due to an unmet safety...

5.3 CVSS, 5.8 AI score, 0.00419 EPSS
Exploits: 1, References: 4
RedHat Linux
added 2021/08/10 7:28 a.m., 2 views

rust: panic safety issue in Zip implementation

In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked more than once for the same index when the underlying iterator panics in certain conditions. This bug could lead to a memory safety violation due to an unmet safety...

5.3 CVSS, 5.8 AI score, 0.00419 EPSS
Exploits: 1, References: 4