393 matches found
OSV-2021-635 Heap-use-after-free in std::__1::__tree_iterator<std::__1::__value_type<std::__1::basic_string<char, st
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33227 Crash type: Heap-use-after-free READ 8 Crash state: std::__1::__tree_iterator<std::__1::__value_type<std::__1::basic_string<char, st void draco::Metadata::AddEntry<std::__1::vector<unsigned char, std::__1::allocat...
CVE-2020-36323
CVE-2020-36323 – Rust stdlib string-joining optimization issue: The connected sources confirm a defect in Rust before 1.52.0 where a string-joining optimization could expose uninitialized bytes or cause a crash if the borrowed string changes after its length is checked. This is a security issue ...
CVE-2020-36317
The CVE-2020-36317 issue affects the Rust standard library prior to 1.49.0, where String::retain() can panic and allow creation of a non-UTF-8 Rust string. This may cause a memory-safety violation when other APIs assume UTF-8 on the same string. Several connected advisories confirm Rust 1.49.0 or...
OSV-2021-593 Heap-use-after-free in std::__1::vector<char, std::__1::allocator<char> >::size
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32822 Crash type: Heap-use-after-free READ 8 Crash state: std::__1::vector<char, std::__1::allocator<char> >::size std::__1::vector<char, std::__1::allocator<char> >::resize Assimp::TXmlParser::clear...
NewStart CGSL CORE 5.04 / MAIN 5.04 : OpenEXR Multiple Vulnerabilities (NS-SA-2021-0031)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has OpenEXR packages installed that are affected by multiple vulnerabilities: - An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp...
OSV-2021-503 Use-after-poison in std::__1::unique_ptr<SkSL::Expression, std::__1::default_delete<SkSL::Expression
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31765 Crash type: Use-after-poison READ 8 Crash state: std::__1::unique_ptr<SkSL::Expression, std::__1::default_delete<SkSL::Expression SkSL::DefinitionMap::getKnownDefinition SkSL::VariableReference::constantPropagate...
`quinn` invalidly assumes the memory layout of std::net::SocketAddr
The quinn crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply cast the pointers to convert the socket addresses to the system representation. The standard library does not say anything about the...
RUSTSEC-2021-0035 `quinn` invalidly assumes the memory layout of std::net::SocketAddr
The quinn crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply cast the pointers to convert the socket addresses to the system representation. The standard library does not say anything about the...
OSV-2021-480 UNKNOWN READ in std::__Fuzzer::basic_filebuf<char, std::__Fuzzer::char_traits<char> >::setbuf
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31578 Crash type: UNKNOWN READ Crash state: std::__Fuzzer::basic_filebuf<char, std::__Fuzzer::char_traits<char> >::setbuf std::__Fuzzer::basic_filebuf<char, std::__Fuzzer::char_traits<char> >::basic_fil...
OSV-2021-449 UNKNOWN READ in std::pair<absl::lts_NUMBER_02_25::container_internal::raw_hash_set<absl::lts_NUM
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31393 Crash type: UNKNOWN READ Crash state: std::pair::Compute tensorflow::KernelAndDeviceOp::Run...
OSV-2021-448 Use-of-uninitialized-value in std::__1::__packaged_task_func<std::__1::__bind<grk::mct::decompress_irrev
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31365 Crash type: Use-of-uninitialized-value Crash state: std::__1::__packaged_task_func<std::__1::__bind<grk::mct::decompress_irrev std::__1::packaged_task<int ThreadPool::ThreadPool...
OSV-2021-426 Use-of-uninitialized-value in std::__1::__packaged_task_func<std::__1::__bind<grk::mct::decompress_irrev
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31180 Crash type: Use-of-uninitialized-value Crash state: std::__1::__packaged_task_func<std::__1::__bind<grk::mct::decompress_irrev std::__1::packaged_task<int ThreadPool::ThreadPool...
dataSIMS Avionics ARINC 664-1 - Local Buffer Overflow Exploit
Exploit Title: dataSIMS Avionics ARINC 664-1 - Local Buffer Overflow PoC Exploit Author: Kağan Çapar Vendor Homepage: https://www.ddc-web.com/ Software Link: https://www.ddc-web.com/en/connectivity/databus/milstd1553-1/software-1/bu-69414?partNumber=BU-69414 Version: 4.5.3 Tested On: Windows 10...
dataSIMS Avionics ARINC 664-1 4.5.3 Buffer Overflow
Exploit Title: dataSIMS Avionics ARINC 664-1 - Local Buffer Overflow PoC Exploit Author: Kagan Capar Date: 2020-02-17 Vendor Homepage: https://www.ddc-web.com/ Software Link: https://www.ddc-web.com/en/connectivity/databus/milstd1553-1/software-1/bu-69414?partNumber=BU-69414 Version: 4.5.3 Tested...
CVE-2021-27376
An issue was discovered in the nb-connect crate before 1.0.3 for Rust. It may have invalid memory access for certain versions of the standard library because it relies on a direct cast of std::net::SocketAddrV4 and std::net::SocketAddrV6 data structures...
CVE-2021-27376
CVE-2021-27376 affects the Rust crate nb-connect, file/socket handling. The issue arises from a direct cast of std::net::SocketAddrV4 and SocketAddrV6, relying on the wrong assumption about memory layout, which can lead to invalid memory access. The Red Hat and GHSA/RustSec entries confirm the r...
`nb-connect` invalidly assumes the memory layout of std::net::SocketAddr
The nb-connect crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply cast the pointers to convert the socket addresses to the system representation. The standard library does not say anything about...
RUSTSEC-2021-0021 `nb-connect` invalidly assumes the memory layout of std::net::SocketAddr
The nb-connect crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply cast the pointers to convert the socket addresses to the system representation. The standard library does not say anything about...
CVE-2021-26958
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because transmutation to the wrong type can happen after xcb::base::cast_event uses std::mem::transmute to return a reference to an arbitrary type...