Arrow2 allows double free in `safe` code
The struct FfiArrowArray derives `Clone`, which is inconsistent with its custom implementation of `Drop`, resulting in a double free when cloned. Cloning this struct in safe code results in a segmentation fault, which is unsound. This derive was removed from this struct. All users are advised to...
sysstat: memory corruption due to an integer overflow in remap_struct in sa_common.c
An integer overflow vulnerability was found in sysstat in the way the sadf command processes the contents of data files created by the sar command. A local attacker could exploit this flaw by creating a specially crafted file with malformed data that, when loaded by a victim, causes the applicati...
GSD-2022-1000058 mm/damon/dbgfs: fix 'struct pid' leaks in 'dbgfs_target_ids_write()'
mm/damon/dbgfs: fix 'struct pid' leaks in 'dbgfs_target_ids_write()' This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.13 by commit...
SingleNativeTokenExitV2 assumes first exchange holds the outputToken
Handle: kenzo. Vulnerability details: SingleNativeTokenExitV2 allows the user to exit and execute trades via multiple exchanges. When finishing the trades and sending a single output token back to the user, the contract takes that token from the last swap in the first exchange's trades. There is...
GSD-2021-1002201 IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields
IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15 by commit...
GSD-2021-1002018 IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields
IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.157 by commit...
GSD-2021-1001987 IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields
IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.216 by commit...
UVI-2021-1001964 IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields
IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.255 by commit...
UVI-2021-1001943 IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields
IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.290 by commit...
GHSA-XV8X-PR4H-73JV Memory corruption when returning a literal struct with a private call inside of it
Impact: When performing a function call inside a literal struct, there is a memory corruption issue that occurs because of an incorrect pointer to the top of the stack. Patches: 0.3.0 / 2447...
CVE-2021-41121
Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions when performing a function call inside a literal struct, there is a memory corruption issue that occurs because of an incorrect pointer to the top of the stack. This issue has been resolved in version 0.3.0...
PYSEC-2021-365
Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions when performing a function call inside a literal struct, there is a memory corruption issue that occurs because of an incorrect pointer to the top of the stack. This issue has been resolved in version 0.3.0...
Memory corruption
Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions when performing a function call inside a literal struct, there is a memory corruption issue that occurs because of an incorrect pointer to the top of the stack. This issue has been resolved in version 0.3.0...
PT-2021-23104 · Vyper · Vyper
Name of the Vulnerable Software and Affected Versions: Vyper versions prior to 0.3.0 Description: The issue occurs when performing a function call inside a literal struct, resulting in a memory corruption problem due to an incorrect pointer to the top of the stack. Recommendations: For versions...
Memory Safety Issue when using `patch` or `merge` on `state` and assign the result back to `state`
Affected versions of this crate maintain references to memory that might have been freed already. It affects the following two tremor-script language constructs: A Merge where we assign the result back to the target expression and the expression to be merged needs to reference the event: let sta...
RUSTSEC-2021-0111 Memory Safety Issue when using `patch` or `merge` on `state` and assign the result back to `state`
Affected versions of this crate maintain references to memory that might have been freed already. It affects the following two tremor-script language constructs: A Merge where we assign the result back to the target expression and the expression to be merged needs to reference the event: let sta...
GHSA-W5CR-FRPH-HW7F Use of uninitialized buffer in rkyv
An issue was discovered in the rkyv crate before 0.6.0 for Rust. When an archive is created via serialization, the archive content may contain uninitialized values of certain parts of a struct...
GHSA-9WGH-VJJ7-7433 Mutable reference with immutable provenance in image
A mutable reference to a struct was constructed by dereferencing a pointer obtained from slice::as_ptr. Instead, slice::as_mut_ptr should have been called on the mutable slice argument. The former performs an implicit reborrow as an immutable shared reference which does not allow writing through the...
GHSA-8RC5-MR4F-M243 Use after free in rio
An issue was discovered in the rio crate through 2020-05-11 for Rust. A struct can be leaked, allowing attackers to obtain sensitive information, cause a use-after-free, or cause a data race...
GFI Mail Archiver 15.1 - Telerik UI Component Arbitrary File Upload (Unauthenticated) Exploit
Exploit Title: GFI Mail Archiver 15.1 - Telerik UI Component Arbitrary File Upload Unauthenticated Exploit Author: Amin Bohio Original Research & Code By: Paul Taylor / Foregenix Ltd Original Exploit: https://github.com/bao7uo/RAUcrypto Vendor Homepage: https://www.gfi.com Software Link:...