243 matches found
hashconsing's HConsed lacks Send/Sync bound for its Send/Sync trait.
Affected versions of hashconsing implements Send/Sync for its HConsed type without restricting it to Sendable types and Syncable types. This allows non-Sync types such as Cell to be shared across threads leading to undefined behavior and memory corruption in concurrent programs...
ReaderResult should be bounded by Sync
Affected versions of this crate implements Sync for ReaderResult with the trait bound T: Send, E: Send. Since matching on the public enum ReaderResult provides access to &T & &E, allowing data race to a non-Sync type T or E. This can result in a memory corruption when multiple threads concurrentl...
RUSTSEC-2020-0107 hashconsing's HConsed lacks Send/Sync bound for its Send/Sync trait.
Affected versions of hashconsing implements Send/Sync for its HConsed type without restricting it to Sendable types and Syncable types. This allows non-Sync types such as Cell to be shared across threads leading to undefined behavior and memory corruption in concurrent programs...
Some lock_api lock guard objects can cause data races
Affected versions of lockapi had unsound implementations of the Send or Sync traits for some guard objects, namely: MappedMutexGuard MappedRwLockReadGuard MappedRwLockWriteGuard RwLockReadGuard RwLockWriteGuard These guards could allow data races through types that are not safe to Send across...
RUSTSEC-2020-0122 beef::Cow lacks a Sync bound on its Send trait allowing for data races
Affected versions of this crate did not have a T: Sync bound in the Send impl for Cow. This allows users to create data races by making Cow contain types that are Send && !Sync like Cell or RefCell. Such data races can lead to memory corruption. The flaw was corrected in commit d1c7658 by adding...
RUSTSEC-2020-0044 Unsafe Send implementation in Atom allows data races
The atom crate contains a security issue revolving around its implementation of the Send trait. It incorrectly allows any arbitrary type to be sent across threads potentially leading to use-after-free issues through memory races...
RUSTSEC-2020-0029 Allows viewing and modifying arbitrary structs as bytes
Affected versions of rgb crate allow viewing and modifying data of any type T wrapped in RGB as bytes, and do not correctly constrain RGB and other wrapper structures to the types for which it is safe to do so. Safety violation possible for a type wrapped in RGB and similar wrapper structures: If...
Allows viewing and modifying arbitrary structs as bytes
Affected versions of rgb crate allow viewing and modifying data of any type T wrapped in RGB as bytes, and do not correctly constrain RGB and other wrapper structures to the types for which it is safe to do so. Safety violation possible for a type wrapped in RGB and similar wrapper structures: If...
`LocalRequest::clone` creates multiple mutable references to the same object
The affected version of rocket contains a Clone trait implementation of LocalRequest that reuses the pointer to inner Request object. This causes data race in rare combinations of APIs if the original and the cloned objects are modified at the same time...
Fedora 31 : php (2019-a54a622670)
PHP version 7.3.13 18 Dec 2019 Bcmath: - Fixed bug php78878 Buffer underflow in bcshiftaddsub. CVE-2019-11046. cmb Core: - Fixed bug php78862 link silently truncates after a null byte on Windows. CVE-2019-11044. cmb - Fixed bug php78863 DirectoryIterator class silently truncates after a null byte...
RUSTSEC-2019-0036 Type confusion if __private_get_type_id__ is overridden
Safe Rust code can implement malfunctioning privategettypeid and cause type confusion when downcasting, which is an undefined behavior. Users who derive Fail trait are not affected...
Type confusion if __private_get_type_id__ is overridden
Safe Rust code can implement malfunctioning privategettypeid and cause type confusion when downcasting, which is an undefined behavior. Users who derive Fail trait are not affected...
CVE-2019-1010299
The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vecdeque::Iter. The attack...
CVE-2019-1010299
The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vecdeque::Iter. The attack...
CVE-2019-1010299
The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vecdeque::Iter. The attack...
CVE-2019-1010299
The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vecdeque::Iter. The attack...
Design/Logic Flaw
The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vecdeque::Iter. The attack...
CVE-2019-1010299
The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vecdeque::Iter. The attack...
CVE-2019-1010299
The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vecdeque::Iter. The attack...
Multiple memory safety issues
Affected versions contain multiple memory safety issues, such as: - Unsoundly coercing immutable references to mutable references - Unsoundly extending lifetimes of strings - Adding the Send marker trait to objects that cannot be safely sent between threads This may result in a variety of memory...