
393 matches found

CNVD
added 2021/12/28 12:0 a.m. | 15 views

Rust acc_reader crate has an unspecified vulnerability

Rust acc_reader crate is a structure that provides an AccReader that wraps an arbitrary instance of std::io::Read and provides an implementation of std::io::Seek for it. memory location. No details of the vulnerability are currently available...

CVSS 9.8 | AI score 3.1 | EPSS 0.00433
Exploits: 0 | References: 1

CNVD
added 2021/12/28 12:0 a.m. | 16 views

Unspecified vulnerability exists in Rust acc_reader crate (CNVD-2022-04013)

Rust acc_reader crate is a structure that provides an AccReader that wraps an arbitrary instance of std::io::Read and provides an implementation of std::io::Seek for it. Readupto can read data from an uninitialized memory location. No details of the vulnerability are currently available...

CVSS 9.8 | AI score 3.6 | EPSS 0.00433
Exploits: 0 | References: 1

OSV
added 2021/12/03 12:0 a.m. | 12 views

OSV-2021-1641 Heap-buffer-overflow in std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<ch

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41582 Crash type: Heap-buffer-overflow READ Crash state: std::1::basicstring, std::1::allocatorch void Assimp::Logger::warnchar const Assimp::NDOImporter::InternReadFile...

AI score 7.2
Exploits: 0 | References: 1

Oracle Linux
added 2021/11/16 12:0 a.m. | 30 views

rust-toolset:ol8 security, bug fix, and enhancement update

rust-toolset 1.54.0-1 - Update to Rust and Cargo 1.54.0. 1.53.0-1 - Update to Rust and Cargo 1.53.0. rust 1.54.0-2 - Make std-static-wasm arch-specific to avoid s390x. 1.54.0-1 - Update to 1.54.0. 1.53.0-2 - Use llvm-ranlib to fix wasm archives. 1.53.0-1 - Update to 1.53.0. 1.52.1-2 - Set...

CVSS 9.1 | AI score 9.1 | EPSS 0.00343
Exploits: 1

OSV
added 2021/11/05 11:15 p.m. | 21 views

PYSEC-2021-629

TensorFlow is an open source platform for machine learning. In affected versions the async implementation of CollectiveReduceV2 suffers from a memory leak and a use after free. This occurs due to the asynchronous computation and the fact that objects that have been std::moved from are still...

CVSS 7.8 | AI score 3.7 | EPSS 0.00021
Exploits: 1 | References: 2

OSV
added 2021/11/05 11:15 p.m. | 0 views

PYSEC-2021-827

TensorFlow is an open source platform for machine learning. In affected versions the async implementation of CollectiveReduceV2 suffers from a memory leak and a use after free. This occurs due to the asynchronous computation and the fact that objects that have been std::moved from are still...

CVSS 7.8 | AI score 7 | EPSS 0.00021
Exploits: 1 | References: 2

Cvelist
added 2021/11/05 10:20 p.m. | 15 views

CVE-2021-41220 Use after free in `CollectiveReduceV2`

TensorFlow is an open source platform for machine learning. In affected versions the async implementation of CollectiveReduceV2 suffers from a memory leak and a use after free. This occurs due to the asynchronous computation and the fact that objects that have been std::moved from are still...

CVSS 7.8 | AI score 7.8 | EPSS 0.00021
Exploits: 1 | References: 2

NVD
added 2021/11/05 8:15 p.m. | 14 views

CVE-2021-41195

TensorFlow is an open source platform for machine learning. In affected versions the implementation of tf.math.segment_* operations results in a CHECK-fail related abort and denial of service if a segment id in segment_ids is large. This is similar to CVE-2021-29584 and similar other reported...

CVSS 5.5 | EPSS 0.00038
Exploits: 1 | References: 4

OSV
added 2021/09/28 12:1 a.m. | 6 views

OSV-2021-1392 Container-overflow in std::__1::__function::__func<uWS::TemplatedApp<false>&& uWS::TemplatedApp<false>

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39354 Crash type: Container-overflow READ 1 Crash state: std::1::function::func&& uWS::TemplatedApp uWS::TopicTree::publish ofats::anydetail::handlertraitsvoid, uWS::WebSocketfalse, true, test...

AI score 7.2
Exploits: 0 | References: 1

OSV
added 2021/09/28 12:1 a.m. | 8 views

OSV-2021-1390 Container-overflow in std::__1::__function::__func<uWS::TemplatedApp<false>&& uWS::TemplatedApp<false>

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39348 Crash type: Container-overflow READ 1 Crash state: std::1::function::func&& uWS::TemplatedApp uWS::WebSocketfalse, true, test uWS::WebSocketfalse, true, test...

AI score 7.2
Exploits: 0 | References: 1

OSV
added 2021/09/28 12:0 a.m. | 8 views

OSV-2021-1386 Container-overflow in std::__1::__function::__func<uWS::TemplatedApp<true>&& uWS::TemplatedApp<true>::

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39355 Crash type: Container-overflow READ 1 Crash state: std::1::function::func&& uWS::TemplatedApp:: uWS::TopicTree::publish uWS::TemplatedApp::publish...

AI score 7.2
Exploits: 0 | References: 1

OSV
added 2021/09/18 12:1 a.m. | 11 views

OSV-2021-1317 Use-of-uninitialized-value in std::__1::basic_ostream<char, std::__1::char_traits<char> >& std::__1::__put_cha

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38824 Crash type: Use-of-uninitialized-value Crash state: std::1::basicostream & std::1::putcha ostream std::1::basicostream & std::1::putcha...

AI score 7.2
Exploits: 0 | References: 1

OSV
added 2021/09/18 12:1 a.m. | 9 views

OSV-2021-1312 Use-of-uninitialized-value in std::__1::basic_ostream<char, std::__1::char_traits<char> >& std::__1::__put_cha

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38808 Crash type: Use-of-uninitialized-value Crash state: std::1::basicostream & std::1::putcha printjson fuzzdump.cpp...

AI score 7.2
Exploits: 0 | References: 1

OSV
added 2021/09/17 12:1 a.m. | 9 views

OSV-2021-1305 Use-of-uninitialized-value in std::__1::basic_ostream<char, std::__1::char_traits<char> >& std::__1::__put_cha

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38831 Crash type: Use-of-uninitialized-value Crash state: std::1::basicostream & std::1::putcha S2LatLng::ToPoint s2textformat::ParsePoints...

AI score 7.2
Exploits: 0 | References: 1

OSV
added 2021/09/17 12:0 a.m. | 9 views

OSV-2021-1275 Use-of-uninitialized-value in std::__1::basic_ostream<char, std::__1::char_traits<char> >& std::__1::__put_cha

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38785 Crash type: Use-of-uninitialized-value Crash state: std::1::basicostream & std::1::putcha S2LogMessage::S2LogMessage S2ContainsVertexQuery::ContainsSign...

AI score 7.2
Exploits: 0 | References: 1

OSV
added 2021/09/17 12:0 a.m. | 11 views

OSV-2021-1269 Use-of-uninitialized-value in std::__1::basic_ostream<char, std::__1::char_traits<char> >& std::__1::__put_cha

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38777 Crash type: Use-of-uninitialized-value Crash state: std::1::basicostream & std::1::putcha S2LaxPolylineShape::Init S2LaxPolylineShape::S2LaxPolylineShape...

AI score 7.2
Exploits: 0 | References: 1

GitHub Security Blog
added 2021/08/25 9:0 p.m. | 10 views

Assumed memory layout of std::net::SocketAddr

The socket2 crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply cast the pointers to convert the socket addresses to the system representation. The standard library does not say anything about the...

AI score 2.5
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2021/08/25 8:55 p.m. | 11 views

GHSA-QJ3V-Q2VJ-4C8H Calculation error in ark-r1cs-std

An issue was discovered in the ark-r1cs-std crate before 0.3.1 for Rust. It does not enforce any constraints in the FieldVar::mul_by_inverse method. Thus, a prover can produce a proof that is unsound but is nonetheless verified...

CVSS 9.8 | AI score 9.4 | EPSS 0.00363
Exploits: 1 | References: 6

vulnersOsv
added 2021/08/25 8:55 p.m. | 1 views

ark-bls12-377 (=0.2.0), ark-crypto-primitives (=0.2.0) +19 more potentially affected by CVE-2021-38194 via ark-r1cs-std (=0.2.0)

ark-r1cs-std CARGO version =0.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on ark-r1cs-std and may be impacted: - ark-bls12-377 =0.2.0 - ark-crypto-primitives =0.2.0 - ark-curve-constraint-tests =0.2.0 - ark-ed-on-bls12-377 =0.2.0 -...

CVSS 9.8 | AI score 7.2 | EPSS 0.00363
Exploits: 1

OSV
added 2021/08/25 8:53 p.m. | 18 views

GHSA-HVQC-PC78-X9WH Soundness issue in raw-cpuid

VendorInfo::as_string, SoCVendorBrand::as_string, and ExtendedFunctionInfo::processor_brand_string construct byte slices using std::slice::from_raw_parts, with data coming from repr(Rust) structs. This is always undefined behavior. This flaw has been fixed in v9.0.0, by making the relevant structs repr(C)...

CVSS 7.5 | AI score 6.2 | EPSS 0.00389
Exploits: 1 | References: 5