CVE-2018-20991

An issue was discovered in the smallvec crate before 0.6.3 for Rust. The Iterator implementation mishandles destructors, leading to a double free...

CVE-2018-20991

The CVE-2018-20991 issue affects the Rust smallvec crate up to version 0.6.3. The root cause is an Iterator implementation that mishandles destructors, which can lead to a double free. This vulnerability is documented as affecting smallvec prior to 0.6.3, with multiple advisories (OSV, NVD) confi...

RUSTSEC-2019-0012 Memory corruption in SmallVec::grow()

Attempting to call grow on a spilled SmallVec with a value less than the current capacity causes corruption of memory allocator data structures. An attacker that controls the value passed to grow may exploit this flaw to obtain memory contents or gain remote code execution. Credits to @ehuss for...

Memory corruption in SmallVec::grow()

Attempting to call grow on a spilled SmallVec with a value less than the current capacity causes corruption of memory allocator data structures. An attacker that controls the value passed to grow may exploit this flaw to obtain memory contents or gain remote code execution. Credits to @ehuss for...

RUSTSEC-2019-0009 Double-free and use-after-free in SmallVec::grow()

Attempting to call grow on a spilled SmallVec with a value equal to the current capacity causes it to free the existing data. This performs a double free immediately and may lead to use-after-free on subsequent accesses to the SmallVec contents. An attacker that controls the value passed to grow...

Double-free and use-after-free in SmallVec::grow()

Attempting to call grow on a spilled SmallVec with a value equal to the current capacity causes it to free the existing data. This performs a double free immediately and may lead to use-after-free on subsequent accesses to the SmallVec contents. An attacker that controls the value passed to grow...

RUSTSEC-2018-0018 smallvec creates uninitialized value of any type

Affected versions of this crate called mem::uninitialized to create values of a user-supplied type T. This is unsound e.g. if T is a reference type which must be non-null and thus may not remain uninitialized. The flaw was corrected by avoiding the use of mem::uninitialized, using MaybeUninit...

smallvec creates uninitialized value of any type

Affected versions of this crate called mem::uninitialized to create values of a user-supplied type T. This is unsound e.g. if T is a reference type which must be non-null and thus may not remain uninitialized. The flaw was corrected by avoiding the use of mem::uninitialized, using MaybeUninit...

acto-rs (>=0.2.9 <=0.3.7), alumina (>=0.1.0 <=0.1.1) +378 more potentially affected by CVE-2018-25023 via smallvec (>=0.1.8 <=0.5.1)

smallvec CARGO version =0.1.8, =0.2.9, =0.1.0, =0.5.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.3.2, =1.0.0, =1.1.0 - approveapi =0.1.0 and more Source cves: CVE-2018-25023 Source advisory: OSV:RUSTSEC-2018-0018...

Boa (>=0.9.0 <=0.10.0), GetPDB (>=0.1.0 <=1.0.1) +5081 more potentially affected by CVE-2018-20991 via smallvec (>=0.6.13 <=0.6.14)

smallvec CARGO version =0.6.13, =0.9.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =0.2.0, =0.5.3, =0.1.0, =0.5.0, =0.5.0, =0.5.2 and more Source cves: CVE-2018-20991 Source advisory: OSV:RUSTSEC-2018-0003...

RUSTSEC-2018-0003 Possible double free during unwinding in SmallVec::insert_many

If an iterator passed to SmallVec::insertmany panicked in Iterator::next, destructors were run during unwinding while the vector was in an inconsistent state, possibly causing a double free a destructor running on two copies of the same value. This is fixed in smallvec 0.6.3 by ensuring that the...

Possible double free during unwinding in SmallVec::insert_many

If an iterator passed to SmallVec::insertmany panicked in Iterator::next, destructors were run during unwinding while the vector was in an inconsistent state, possibly causing a double free a destructor running on two copies of the same value. This is fixed in smallvec 0.6.3 by ensuring that the...