2549 matches found
GHSA-FF9Q-RM55-Q7QR diesel-async may expose uninitialized padding bytes for MySQL temporal columns
Summary diesel-async exposes uninitialized stack padding to safe code on every read of a MySQL DATE, TIME, DATETIME, or TIMESTAMP column. Reading that buffer is undefined behavior, and the leaked bytes can contain stale heap/stack contents, so this is both a soundness bug and a potential...
OpenEXR 输入验证错误漏洞
OpenEXR is an open standard for high dynamic range image HDR file formats, open-sourced by the Academy Software Foundation. There were input validation vulnerabilities in versions 3.0.0 to 3.2.9, 3.3.0 to 3.3.11, and 3.4.0 to 3.4.11 of OpenEXR. These vulnerabilities stemmed from the...
PT-2026-38335
Name of the Vulnerable Software and Affected Versions OpenEXR versions 3.0.0 through 3.2.8 OpenEXR versions 3.3.0 through 3.3.10 OpenEXR versions 3.4.0 through 3.4.10 Description The readVariableLengthInteger function decodes a variable-length integer from untrusted EXR input without bounding the...
CVE-2026-42217
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, readVariableLengthInteger decodes a variable-length integer fro...
Linux Distros Unpatched Vulnerability : CVE-2026-43141
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ntb: ntbhwswitchtec: Fix shift-out-of-bounds for 0 mw lut Number of MW LUTs depends on NTB configuration and can be set to zero, in such scenario...
rust-openssl has undefined behavior in X509Ref::ocsp_responders for certificates with non-UTF-8 OCSP URLs
X509Ref::ocspresponders returns OCSP responder URLs from a certificate's AIA extension as OpensslString, whose Deref wraps the raw bytes with str::fromutf8unchecked. OpenSSL does not enforce that the underlying IA5String is ASCII, so a certificate with non-UTF-8 bytes in its OCSP accessLocation...
GHSA-XP3W-R5P5-63RR rust-openssl has undefined behavior in X509Ref::ocsp_responders for certificates with non-UTF-8 OCSP URLs
X509Ref::ocspresponders returns OCSP responder URLs from a certificate's AIA extension as OpensslString, whose Deref wraps the raw bytes with str::fromutf8unchecked. OpenSSL does not enforce that the underlying IA5String is ASCII, so a certificate with non-UTF-8 bytes in its OCSP accessLocation...
PT-2026-37265
Name of the Vulnerable Software and Affected Versions rust-openssl versions 0.9.7 through 0.10.78 Description The X509Ref::ocsp responders function returns OCSP responder URLs from a certificate's AIA extension as OpensslString. The Deref implementation wraps raw bytes using str::from utf8...
RUSTSEC-2026-0133 Invalid pointer arithmetic in `iter()` and `iter_mut()`
The iter and itermut APIs compute current = &children0 as const const RawAutoChild.sub1, which performs pointer subtraction going before the start of the allocation. This is undefined behavior per Rust's pointer arithmetic rules. This can be triggered through safe public APIs — iter and itermut —...
RUSTSEC-2026-0123 Out-of-bounds read in `bytes_helper` public safe functions
The byteshelper module contains multiple public functions intoarr4, intoarr2, u8fromlebytes that use slice.getuncheckedpos..pos + N without verifying that pos + N = slice.len. These are public safe API functions, allowing any caller to trigger undefined behavior by passing invalid positions. For...
Invalid pointer arithmetic in `iter()` and `iter_mut()`
The iter and itermut APIs compute current = &children0 as const const RawAutoChild.sub1, which performs pointer subtraction going before the start of the allocation. This is undefined behavior per Rust's pointer arithmetic rules. This can be triggered through safe public APIs — iter and itermut —...
Null-pointer dereference and double-free via safe APIs
Two soundness violations exist in the Rust bindings for MetaCall: Null-pointer dereference: MetaCallFuture::newraw accepts a raw pointer without validation. The Debug impl calls Box::fromrawself.data on it. Passing a null pointer causes the Debug impl to construct a NonNull from null, producing...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to ensure that names end with a null character in netfilter xtables, which could lead to undefined...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the failure to deny immediate NFQUEUE verdicts in netfilter nftables, which could lead to undefined behavior...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unchecked index mapping error in the ALSA ctxfi driver, which could lead to undefined behavior...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the improper initialization of certain local variables during replay requests, potentially leading to...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-015470)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-015470 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, there is undefined behavior...
Grid: Integer Overflow in Grid::expand_rows Leads to Safe-API Undefined Behavior
Summary An integer overflow in Grid::expandrows can corrupt the relationship between the grid’s logical dimensions and its backing storage. After the internal invariant is broken, the safe API get may invoke getunchecked with an invalid index, resulting in Undefined Behavior. Details Tested...
GHSA-38C5-483C-4QQP Grid: Integer Overflow in Grid::expand_rows Leads to Safe-API Undefined Behavior
Summary An integer overflow in Grid::expandrows can corrupt the relationship between the grid’s logical dimensions and its backing storage. After the internal invariant is broken, the safe API get may invoke getunchecked with an invalid index, resulting in Undefined Behavior. Details Tested...
RUSTSEC-2026-0134 Unsound access to padding bytes while serializing date/time values using the Mysql backend
Diesel relies on libmysqlclient for interacting with Mysql compatible databases. This library requires to provide date/time values according to the byte layout of their MYSQLTIME type. Diesel replicated this type as reprC struct, populated all the fields of this struct and then casted this value ...