96 matches found
DynFuture Drop Can Construct a Dangling Reference
DynFuture is unsound because its Drop implementation transmutes a trait-object reference into unrelated reference types, which constructs an invalid reference from trait object metadata. This issue was reproduced against dyn-future 3.0.4 under Miri. The crate is unmaintained...
Security update for librsvg
This update for librsvg fixes the following issues: Update to version 2.57.4 - bsc1243867: CVE-2024-12224: RUSTSEC-2024-0421 - idna accepts Punycode labels that do not produce any non-ASCII when decoded. RUSTSEC-2024-0404 - Unsoundness in anstream. Patch Instructions: To install this SUSE update...
SUSE-SU-2026:0243-1 Security update for librsvg
This update for librsvg fixes the following issues: Update to version 2.57.4 - bsc1243867: + CVE-2024-12224: RUSTSEC-2024-0421 - idna accepts Punycode labels that do not produce any non-ASCII when decoded. + RUSTSEC-2024-0404 - Unsoundness in anstream...
EUVD-2025-205452
ruint affected by unsoundness of safe reciprocalmg10...
RUSTSEC-2025-0131 Lack of sufficient checks in public API
The affected function is unsound due to insufficient checks on public struct field...
EUVD-2021-1892
Malware in sbrugna...
EUVD-2021-1825
Malware in sbrugna...
Amazon Linux 2023 : librsvg2, librsvg2-devel, librsvg2-tools (ALAS2023-2025-992)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-992 advisory. RUSTSEC-2024-0429 is a vulnerability discovered in the glib Rust crate affecting versions prior to 0.20.0. The issue involves unsoundness in Iterator and DoubleEndedIterator implementations for...
CVE-2020-35914
An issue was discovered in the lockapi crate before 0.4.2 for Rust. A data race can occur because of RwLockWriteGuard unsoundness...
CVE-2020-35910
An issue was discovered in the lockapi crate before 0.4.2 for Rust. A data race can occur because of MappedMutexGuard unsoundness...
CVE-2020-35912
An issue was discovered in the lockapi crate before 0.4.2 for Rust. A data race can occur because of MappedRwLockWriteGuard unsoundness...
GHSA-RR8G-9FPQ-6WMG Tokio broadcast channel calls clone in parallel, but does not require `Sync`
The broadcast channel internally calls clone on the stored value when receiving it, and only requires T:Send. This means that using the broadcast channel with values that are Send but not Sync can trigger unsoundness if the clone implementation makes use of the value being !Sync. Thank you to...
Tokio broadcast channel calls clone in parallel, but does not require `Sync`
The broadcast channel internally calls clone on the stored value when receiving it, and only requires T:Send. This means that using the broadcast channel with values that are Send but not Sync can trigger unsoundness if the clone implementation makes use of the value being !Sync. Thank you to...
Broadcast channel calls clone in parallel, but does not require `Sync`
The broadcast channel internally calls clone on the stored value when receiving it, and only requires T:Send. This means that using the broadcast channel with values that are Send but not Sync can trigger unsoundness if the clone implementation makes use of the value being !Sync. Thank you to...
RUSTSEC-2025-0023 Broadcast channel calls clone in parallel, but does not require `Sync`
The broadcast channel internally calls clone on the stored value when receiving it, and only requires T:Send. This means that using the broadcast channel with values that are Send but not Sync can trigger unsoundness if the clone implementation makes use of the value being !Sync. Thank you to...
PT-2024-40306 · Crates.Io · Xous
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned, so the information cannot be determined. Description: The issue concerns the functions as slice and as slice mut being considered unsound. This is because any pointer, regardless of its bit...
Unsoundness in `Iterator` and `DoubleEndedIterator` impls for `glib::VariantStrIter`
The VariantStrIter::implget function called internally by implementations of the Iterator and DoubleEndedIterator traits for this type was unsound, resulting in undefined behaviour. An immutable reference &p to a mut libc::cchar pointer initialized to NULL was passed as an argument to a C functio...
GHSA-WRW7-89JP-8Q8G Unsoundness in `Iterator` and `DoubleEndedIterator` impls for `glib::VariantStrIter`
The VariantStrIter::implget function called internally by implementations of the Iterator and DoubleEndedIterator traits for this type was unsound, resulting in undefined behaviour. An immutable reference &p to a mut libc::cchar pointer initialized to NULL was passed as an argument to a C functio...
PT-2024-40974 · Crates.Io · Xous
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned, so the information cannot be determined. Description: The issue concerns the as slice and as slice mut functions, which are considered unsound. This is because any pointer, regardless of its bit...
GHSA-2RXC-GJRP-VJHX Unsoundness in anstream
When given a valid UTF8 string "ö\x1b😀", the function in crates/anstream/src/adapter/strip.rs will be confused. The UTF8 bytes are \xc3\xb6 then \x1b then \xf0\x9f\x98\x80. When looping over "non-printable bytes" \x1b\xf0 will be considered as some non-printable sequence. This will produce a brok...