Lucene search
K

7 matches found

OSV
OSV
added 2021/08/25 8:53 p.m.11 views

GHSA-PPQP-78XX-3R38 Out of bounds write in calamine

An issue was discovered in the calamine crate before 0.17.0 for Rust. It allows attackers to overwrite heap-memory locations because Vec::setlen is used without proper memory claiming, and this uninitialized memory is used for a user-provided Read operation, as demonstrated by Sectors::get...

9.8CVSS9.3AI score0.01728EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2021/08/25 8:53 p.m.25 views

Out of bounds write in calamine

An issue was discovered in the calamine crate before 0.17.0 for Rust. It allows attackers to overwrite heap-memory locations because Vec::setlen is used without proper memory claiming, and this uninitialized memory is used for a user-provided Read operation, as demonstrated by Sectors::get...

9.8CVSS4.6AI score0.01728EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/25 8:44 p.m.24 views

Use after free in image

Affected versions of this crate would call Vec::setlen on an uninitialized vector with user-provided type parameter, in an interface of the HDR image format decoder. They would then also call other code that could panic before initializing all instances. This could run Drop implementations on...

9.8CVSS9.2AI score0.02478EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2021/02/09 11:15 p.m.23 views

CVE-2021-26951

An issue was discovered in the calamine crate before 0.17.0 for Rust. It allows attackers to overwrite heap-memory locations because Vec::setlen is used without proper memory claiming, and this uninitialized memory is used for a user-provided Read operation, as demonstrated by Sectors::get...

9.8CVSS0.01728EPSS
Exploits1References1
OSV
OSV
added 2021/01/06 12:0 p.m.35 views

RUSTSEC-2021-0015 `Sectors::get` accesses unclaimed/uninitialized memory

Affected versions of this crate arbitrarily calls Vec::setlen to increase length of a vector without claiming more memory for the vector. Affected versions of this crate also calls user-provided Read on the uninitialized memory of the vector that was extended with Vec::setlen. This can overwrite...

9.8CVSS9.4AI score0.01728EPSS
Exploits1References3
Prion
Prion
added 2019/09/09 12:15 p.m.14 views

Format string

An issue was discovered in the image crate before 0.21.3 for Rust, affecting the HDR image format decoder. Vec::setlen is called on an uninitialized vector, leading to a use-after-free and arbitrary code execution...

7.5CVSS9.7AI score0.02478EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2019/09/09 11:49 a.m.13 views

CVE-2019-16138

An issue was discovered in the image crate before 0.21.3 for Rust, affecting the HDR image format decoder. Vec::setlen is called on an uninitialized vector, leading to a use-after-free and arbitrary code execution...

9.8CVSS9.8AI score0.02478EPSS
Exploits0
Rows per page
Query Builder