Lucene search
K

243 matches found

RustSec
RustSec
added 2020/11/10 12:0 p.m.24 views

hashconsing's HConsed lacks Send/Sync bound for its Send/Sync trait.

Affected versions of hashconsing implements Send/Sync for its HConsed type without restricting it to Sendable types and Syncable types. This allows non-Sync types such as Cell to be shared across threads leading to undefined behavior and memory corruption in concurrent programs...

7.5CVSS3AI score0.0136EPSS
Exploits1Affected Software1
RustSec
RustSec
added 2020/11/10 12:0 p.m.20 views

ReaderResult should be bounded by Sync

Affected versions of this crate implements Sync for ReaderResult with the trait bound T: Send, E: Send. Since matching on the public enum ReaderResult provides access to &T & &E, allowing data race to a non-Sync type T or E. This can result in a memory corruption when multiple threads concurrentl...

8.1CVSS1.1AI score0.00833EPSS
Exploits1
OSV
OSV
added 2020/11/10 12:0 p.m.32 views

RUSTSEC-2020-0107 hashconsing's HConsed lacks Send/Sync bound for its Send/Sync trait.

Affected versions of hashconsing implements Send/Sync for its HConsed type without restricting it to Sendable types and Syncable types. This allows non-Sync types such as Cell to be shared across threads leading to undefined behavior and memory corruption in concurrent programs...

7.5CVSS7.7AI score0.0136EPSS
Exploits1References3
RustSec
RustSec
added 2020/11/08 12:0 p.m.30 views

Some lock_api lock guard objects can cause data races

Affected versions of lockapi had unsound implementations of the Send or Sync traits for some guard objects, namely: MappedMutexGuard MappedRwLockReadGuard MappedRwLockWriteGuard RwLockReadGuard RwLockWriteGuard These guards could allow data races through types that are not safe to Send across...

5.5CVSS2.2AI score0.00324EPSS
Exploits0Affected Software1
OSV
OSV
added 2020/10/28 12:0 p.m.29 views

RUSTSEC-2020-0122 beef::Cow lacks a Sync bound on its Send trait allowing for data races

Affected versions of this crate did not have a T: Sync bound in the Send impl for Cow. This allows users to create data races by making Cow contain types that are Send && !Sync like Cell or RefCell. Such data races can lead to memory corruption. The flaw was corrected in commit d1c7658 by adding...

8.1CVSS7.9AI score0.00766EPSS
Exploits0References3
OSV
OSV
added 2020/09/21 12:0 p.m.26 views

RUSTSEC-2020-0044 Unsafe Send implementation in Atom allows data races

The atom crate contains a security issue revolving around its implementation of the Send trait. It incorrectly allows any arbitrary type to be sent across threads potentially leading to use-after-free issues through memory races...

4.7CVSS4.8AI score0.00196EPSS
Exploits0References3
OSV
OSV
added 2020/06/14 12:0 p.m.22 views

RUSTSEC-2020-0029 Allows viewing and modifying arbitrary structs as bytes

Affected versions of rgb crate allow viewing and modifying data of any type T wrapped in RGB as bytes, and do not correctly constrain RGB and other wrapper structures to the types for which it is safe to do so. Safety violation possible for a type wrapped in RGB and similar wrapper structures: If...

9.1CVSS9.3AI score0.01595EPSS
Exploits1References3
RustSec
RustSec
added 2020/06/14 12:0 p.m.20 views

Allows viewing and modifying arbitrary structs as bytes

Affected versions of rgb crate allow viewing and modifying data of any type T wrapped in RGB as bytes, and do not correctly constrain RGB and other wrapper structures to the types for which it is safe to do so. Safety violation possible for a type wrapped in RGB and similar wrapper structures: If...

9.1CVSS4.2AI score0.01595EPSS
Exploits1Affected Software1
RustSec
RustSec
added 2020/05/27 12:0 p.m.206 views

`LocalRequest::clone` creates multiple mutable references to the same object

The affected version of rocket contains a Clone trait implementation of LocalRequest that reuses the pointer to inner Request object. This causes data race in rare combinations of APIs if the original and the cloned objects are modified at the same time...

8.1CVSS4.1AI score0.00957EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/01/06 12:0 a.m.75 views

Fedora 31 : php (2019-a54a622670)

PHP version 7.3.13 18 Dec 2019 Bcmath: - Fixed bug php78878 Buffer underflow in bcshiftaddsub. CVE-2019-11046. cmb Core: - Fixed bug php78862 link silently truncates after a null byte on Windows. CVE-2019-11044. cmb - Fixed bug php78863 DirectoryIterator class silently truncates after a null byte...

9.8CVSS6.9AI score0.08818EPSS
Exploits5References7
OSV
OSV
added 2019/11/13 12:0 p.m.31 views

RUSTSEC-2019-0036 Type confusion if __private_get_type_id__ is overridden

Safe Rust code can implement malfunctioning privategettypeid and cause type confusion when downcasting, which is an undefined behavior. Users who derive Fail trait are not affected...

9.8CVSS9.4AI score0.02874EPSS
Exploits1References3
RustSec
RustSec
added 2019/11/13 12:0 p.m.25 views

Type confusion if __private_get_type_id__ is overridden

Safe Rust code can implement malfunctioning privategettypeid and cause type confusion when downcasting, which is an undefined behavior. Users who derive Fail trait are not affected...

9.8CVSS3.8AI score0.01487EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2019/08/01 11:22 p.m.27 views

CVE-2019-1010299

The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vecdeque::Iter. The attack...

5.3CVSS4.7AI score0.01516EPSS
Exploits1References2
OSV
OSV
added 2019/07/15 6:15 p.m.19 views

CVE-2019-1010299

The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vecdeque::Iter. The attack...

5.3CVSS6.8AI score
Exploits0References2
NVD
NVD
added 2019/07/15 6:15 p.m.32 views

CVE-2019-1010299

The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vecdeque::Iter. The attack...

5.3CVSS5.2AI score0.01516EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2019/07/15 6:15 p.m.41 views

CVE-2019-1010299

The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vecdeque::Iter. The attack...

5.3CVSS5.9AI score0.01516EPSS
Exploits1References3
Prion
Prion
added 2019/07/15 6:15 p.m.15 views

Design/Logic Flaw

The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vecdeque::Iter. The attack...

5CVSS5.2AI score0.01516EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2019/07/15 5:18 p.m.67 views

CVE-2019-1010299

The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vecdeque::Iter. The attack...

5.3CVSS4.8AI score0.01516EPSS
Exploits1
Cvelist
Cvelist
added 2019/07/15 5:18 p.m.49 views

CVE-2019-1010299

The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vecdeque::Iter. The attack...

5.2AI score0.01516EPSS
Exploits1References2
RustSec
RustSec
added 2018/06/08 12:0 p.m.19 views

Multiple memory safety issues

Affected versions contain multiple memory safety issues, such as: - Unsoundly coercing immutable references to mutable references - Unsoundly extending lifetimes of strings - Adding the Send marker trait to objects that cannot be safely sent between threads This may result in a variety of memory...

9.8CVSS2AI score0.01324EPSS
Exploits0Affected Software1
Rows per page
Query Builder