26 matches found
GHSA-Q5H2-XQ96-6GMC Duplicate Advisory: buffered-reader vulnerable to out-of-bounds array access leading to panic
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-29mf-62xx-28jq. This link is maintained to preserve external references. Original Description: The buffered-reader crate before 1.2.0 for Rust allows out-of-bounds array access and a panic...
GHSA-G693-V3JR-8HCR Duplicate Advisory: `ed25519-dalek` Double Public Key Signing Function Oracle Attack
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-w5vr-6qhr-36cc. This link is maintained to preserve external references. Original Description: The ed25519-dalek crate before 2 for Rust allows a double public key signing function oracle attack. The Keypair...
GHSA-GW89-822V-8V8G Duplicate Advisory: `openssl` `X509VerifyParamRef::set_host` buffer over-read
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-xcf7-rvmh-g6q4. This link is maintained to preserve external references. Original Description: The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to...
GHSA-5C5J-JMHX-Q2GR Duplicate Advisory: gix-transport code execution vulnerability
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-rrjw-j4m2-mf34. This link is maintained to preserve external references. Original Description: The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone...
GHSA-97F8-H76H-F297 Duplicate Advisory: Unauthenticated Nonce Increment in snow
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-7g9j-g5jg-3vv3. This link is maintained to preserve external references. Original Description: The snow crate before 0.9.5 for Rust, when stateful TransportState is used, allows incrementing a nonce and thereby...
CVE-2023-53157
The rosenpass crate before 0.2.1 for Rust allows remote attackers to cause a denial of service panic via a one-byte UDP packet...
CVE-2024-58265
The snow crate before 0.9.5 for Rust, when stateful TransportState is used, allows incrementing a nonce and thereby denying message delivery...
Duplicate Advisory: serde-json-wasm stack overflow during recursive JSON parsing
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-rr69-rxr6-8qwf. This link is maintained to preserve external references. Original Description: The serde-json-wasm crate before 1.0.1 for Rust allows stack consumption via deeply nested JSON data...
GHSA-G97W-MW7G-V3JV Duplicate Advisory: Low severity (DoS) vulnerability in sequoia-openpgp
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-9344-p847-qm5c. This link is maintained to preserve external references. Original Description: The sequoia-openpgp crate 1.13.0 before 1.21.0 for Rust allows an infinite loop of "Reading a cert: Invalid operation...
CVE-2023-53156
The transpose crate before 0.2.3 for Rust allows an integer overflow via input_width and input_height arguments...
GHSA-5R4R-9FGH-PW53 memory_pages division by zero
In the memory_pages crate 0.1.0 for Rust, division by zero can occur...
CVE-2025-47735
inner::drop in inner.rs in the wgp crate through 0.2.0 for Rust lacks drop_slow thread synchronization...
CVE-2024-58253
In the obfstr crate before 0.4.4 for Rust, the obfstr! argument type is not restricted to string slices, leading to invalid UTF-8 conversion that produces an invalid value...
CVE-2023-33289
The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDoS) via a crafted URL to lib.rs. NOTE: the Supplier disputes this, taking the position that "Slow printing of URLs is not a CVE."...
NLnet Labs Routinator buffer error vulnerability
NLnet Labs Routinator is an RPKI (Resource Public Key Infrastructure) authenticator written in Rust from Stichting NLnet Labs in the Netherlands. A security vulnerability exists in NLnet Labs Routinator, which stems from the mismanagement of system resources, e.g., memory, disk space...
Free of uninitialized memory in telemetry
An issue was discovered in the telemetry crate through 0.1.2 for Rust. There is a drop of uninitialized memory if a value.clone() call panics within misc::vec_with_size()...
GHSA-3H87-V52R-P9RG Out of bounds write in reorder
swap_index takes an iterator and swaps the items with their corresponding indexes. It reserves capacity and sets the length of the vector based on the .len() method of the iterator. If the len returned by the iterator is larger than the actual number of elements yielded, then swap_index creates a...