393 matches found
CVE-2020-35921
An issue was discovered in the miow crate before 0.3.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation...
CVE-2020-35919
CVE-2020-35919 affects the Rust net2 crate prior to 0.2.36. Root cause: the crate makes false assumptions about the memory layout of std::net::SocketAddr, casting pointers to the system sockaddr representation. This can lead to invalid memory access if the standard library layout changes. The iss...
CVE-2020-35919
An issue was discovered in the net2 crate before 0.2.36 for Rust. It has false expectations about the std::net::SocketAddr memory representation...
CVE-2020-35920
The CVE-2020-35920 entry concerns the Rust socket2 crate (before 0.3.16) that makes incorrect assumptions about the memory layout of std::net::SocketAddr. This mismatch can lead to invalid memory handling when converting between Rust socket addresses and system representations, potentially causin...
CVE-2020-35920
An issue was discovered in the socket2 crate before 0.3.16 for Rust. It has false expectations about the std::net::SocketAddr memory representation...
CVE-2020-35922
The CVE-2020-35922 issue affects the Rust mio crate prior to 0.7.6, where the component makes false assumptions about the memory representation of std::net::SocketAddr. This root cause stems from assuming SocketAddrV4/V6 share a memory layout with the system sockaddr, leading to unsafe casts and ...
`miow` invalidly assumes the memory layout of std::net::SocketAddr
The miow crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply cast the pointers to convert the socket addresses to the system representation. The standard library does not say anything about the...
`net2` invalidly assumes the memory layout of std::net::SocketAddr
The net2 crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply cast the pointers to convert the socket addresses to the system representation. The standard library does not say anything about the...
RUSTSEC-2020-0078 `net2` invalidly assumes the memory layout of std::net::SocketAddr
The net2 crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply cast the pointers to convert the socket addresses to the system representation. The standard library does not say anything about the...
`socket2` invalidly assumes the memory layout of std::net::SocketAddr
The socket2 crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply cast the pointers to convert the socket addresses to the system representation. The standard library does not say anything about the...
RUSTSEC-2020-0079 `socket2` invalidly assumes the memory layout of std::net::SocketAddr
The socket2 crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply cast the pointers to convert the socket addresses to the system representation. The standard library does not say anything about the...
RUSTSEC-2020-0081 `mio` invalidly assumes the memory layout of std::net::SocketAddr
The mio crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply cast the pointers to convert the socket addresses to the system representation. The standard library does not say anything about the...
skia:sksl2spirv: Segv on unknown address in std::__1::unique_ptr<SkSL::Expression, std::__1::default_delete<SkSL::Expression
Project: https://skia.googlesource.com/skia.git Detailed Report: https://oss-fuzz.com/testcase?key=6198631948091392 Project: skia Fuzzing Engine: libFuzzer Fuzz Target: sksl2spirv Job Type: libfuzzerasanskia Platform Id: linux Crash Type: Segv on unknown address Crash Address: Crash State:...
CentOS 7 : OpenEXR (RHSA-2020:4039)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4039 advisory. - An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refi...
std-ie.jp Cross Site Scripting vulnerability OBB-1417077
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Oracle Linux 7 : OpenEXR (ELSA-2020-4039)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4039 advisory. - fix CVE-2020-11764 1833552 - fix CVE-2020-11763 1833566 Tenable has extracted the preceding description block directly from the Oracle Linux security...
RHEL 7 : OpenEXR (RHSA-2020:4039)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4039 advisory. OpenEXR is a high dynamic-range (HDR) image file format developed by Industrial Light & Magic for use in computer imaging applications. This...
std-ie.jp Cross Site Scripting vulnerability OBB-1353544
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
skia:sksl2spirv: Segv on unknown address in std::__1::default_delete<SkSL::Statement>::operator
Project: https://skia.googlesource.com/skia.git Detailed Report: https://oss-fuzz.com/testcase?key=4664685717356544 Project: skia Fuzzing Engine: libFuzzer Fuzz Target: sksl2spirv Job Type: libfuzzermsanskia Platform Id: linux Crash Type: Segv on unknown address Crash Address: Crash State:...