4 matches found
UBUNTU-CVE-2026-5223
Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry. The severity of the vulnerability is medium for users of third-party registries. Users of crates.io a...
CVE-2026-5223
Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry. The severity of the vulnerability is medium for users of third-party registries. Users of crates.io a...
`fast-float` has multiple soundness issues
fast-float contains multiple soundness issues: 1. Undefined behavior when checking input length, which has been merged but no package pubished. 1. Many functions marked as safe with non-local safety guarantees The library is also unmaintained. Alternatives For quickly parsing floating-point numbe...
Multiple soundness issues in lexical
lexical contains multiple soundness issues: 1. Bytes::read allows creating instances of types with invalid bit patterns 1. BytesIter::read advances iterators out of bounds 1. The BytesIter trait has safety invariants but is public and not marked unsafe 1. writefloat calls MaybeUninit::assumeinit ...