2 matches found
GHSA-9FJQ-45QV-PCM7 ruint affected by unsoundness of safe `reciprocal_mg10`
The function reciprocalmg10 is marked as safe but can trigger undefined behavior out-of-bounds access because it relies on debugassert! for safety checks instead of assert!. When compiled in release mode, the debugassert! is optimized out, potentially allowing invalid inputs to cause memory...
Malicious code in @duckdb/duckdb-wasm (npm)
The DuckDB Node.js package @duckdb/duckdb-wasm version 1.29.2 was compromised with malware through a sophisticated phishing attack targeting the DuckDB maintainers. An attacker created a pixel-perfect copy of the npmjs.com website at npmjs.help domain and tricked a maintainer into logging in and...