Lucene search
K

186 matches found

Cvelist
Cvelist
added 2021/12/26 9:53 p.m.33 views

CVE-2021-45680

An issue was discovered in the vec-const crate before 2.0.0 for Rust. It tries to construct a Vec from a pointer to a const slice, leading to memory corruption...

7.6AI score0.01053EPSS
Exploits0References2
CVE
CVE
added 2021/12/26 9:53 p.m.59 views

CVE-2021-45680

CVE-2021-45680 concerns the vec-const crate (Rust) prior to 2.0.0, where a vector is constructed from a pointer to a const slice, leading to memory corruption. Several sources (OSV/RUSTSEC and CVE records) confirm the affected component and the root cause. Impact is memory corruption; exact explo...

7.5CVSS7.3AI score0.01053EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/06 12:39 a.m.16 views

Security Bulletin: IBM Virtualization Engine TS7700 Management Interface (CVE-2021-29908)

Summary The IBM TS7700 Management Interface is vulnerable to unauthenticated access. By accessing a specially-crafted URL, an attacker may gain administrative access to the Management Interface without authentication. IBM Virtualization Engine TS7700 has addressed the vulnerability. Vulnerability...

10CVSS2.3AI score0.02EPSS
Exploits0Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/25 9:1 p.m.26 views

Double free in algorithmica

An issue was discovered in the algorithmica crate through 2021-03-07 for Rust. In the affected versions of this crate, mergesort::merge wildly duplicates and drops ownership of T without guarding against double-free. Due to such implementation, simply invoking mergesort::merge on Vec can cause...

7.5CVSS3.5AI score0.00961EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/25 8:56 p.m.27 views

Use after free in heapless

An issue was discovered in the heapless crate before 0.6.1 for Rust. The IntoIter Clone implementation clones an entire underlying Vec without considering whether it has already been partially consumed...

7.5CVSS7.3AI score0.01233EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2021/08/25 8:53 p.m.11 views

GHSA-PPQP-78XX-3R38 Out of bounds write in calamine

An issue was discovered in the calamine crate before 0.17.0 for Rust. It allows attackers to overwrite heap-memory locations because Vec::setlen is used without proper memory claiming, and this uninitialized memory is used for a user-provided Read operation, as demonstrated by Sectors::get...

9.8CVSS9.3AI score0.01728EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2021/08/25 8:53 p.m.25 views

Out of bounds write in calamine

An issue was discovered in the calamine crate before 0.17.0 for Rust. It allows attackers to overwrite heap-memory locations because Vec::setlen is used without proper memory claiming, and this uninitialized memory is used for a user-provided Read operation, as demonstrated by Sectors::get...

9.8CVSS4.6AI score0.01728EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2021/08/25 8:49 p.m.24 views

GHSA-M8H8-V6JH-C762 Incorrect buffer size in crossbeam-channel

The affected version of this crate's the bounded channel incorrectly assumes that Vec::fromiter has allocated capacity that same as the number of iterator elements. Vec::fromiter does not actually guarantee that and may allocate extra memory. The destructor of the bounded channel reconstructs Vec...

5.5CVSS7.2AI score0.02743EPSS
Exploits2References4
Github Security Blog
Github Security Blog
added 2021/08/25 8:49 p.m.36 views

Incorrect buffer size in crossbeam-channel

The affected version of this crate's the bounded channel incorrectly assumes that Vec::fromiter has allocated capacity that same as the number of iterator elements. Vec::fromiter does not actually guarantee that and may allocate extra memory. The destructor of the bounded channel reconstructs Vec...

5.5CVSS6AI score0.00388EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/25 8:44 p.m.24 views

Use after free in image

Affected versions of this crate would call Vec::setlen on an uninitialized vector with user-provided type parameter, in an interface of the HDR image format decoder. They would then also call other code that could panic before initializing all instances. This could run Drop implementations on...

9.8CVSS9.2AI score0.02478EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2021/08/25 8:44 p.m.17 views

GHSA-MH6H-F25P-98F8 Uncontrolled memory consumption in protobuf

Affected versions of this crate called Vec::reserve on user-supplied input. This allows an attacker to cause an Out of Memory condition while calling the vulnerable method on untrusted data...

7.5CVSS7.4AI score0.03764EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2021/08/25 8:43 p.m.21 views

Heap overflow or corruption in safe-transmute

Affected versions of this crate switched the length and capacity arguments in the Vec::fromrawparts constructor, which could lead to memory corruption or data leakage...

9.8CVSS9.1AI score0.02032EPSS
Exploits0References5Affected Software1
RustSec
RustSec
added 2021/08/14 12:0 p.m.21 views

vec-const attempts to construct a Vec from a pointer to a const slice

Affected versions of this crate claimed to construct a const Vec with nonzero length and capacity, but that cannot be done because such a Vec requires a pointer from an allocator. The implementation was later changed to just construct a std::borrow::Cow...

7.5CVSS3.7AI score0.01053EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2021/08/10 7:28 a.m.6 views

rust: double free in Vec::from_iter function if freeing the element panics

In the standard library in Rust before 1.52.0, a double free can occur in the Vec::fromiter function if freeing the element panics...

9.8CVSS5.8AI score0.0289EPSS
Exploits1References4
NVD
NVD
added 2021/08/08 6:15 a.m.20 views

CVE-2020-36464

An issue was discovered in the heapless crate before 0.6.1 for Rust. The IntoIter Clone implementation clones an entire underlying Vec without considering whether it has already been partially consumed...

7.5CVSS0.01233EPSS
Exploits1References2
Veracode
Veracode
added 2021/05/06 9:12 a.m.35 views

Denial Of Service (DoS)

rust is vulnerable to denial of service. The vulnerability exists due to a double free in theVec::fromiter function...

9.8CVSS2.6AI score0.0289EPSS
Exploits1References11Affected Software2
RedhatCVE
RedhatCVE
added 2021/04/16 2:31 p.m.32 views

CVE-2021-31162

In the standard library in Rust before 1.52.0, a double free can occur in the Vec::fromiter function if freeing the element panics...

9.8CVSS2AI score0.0289EPSS
Exploits1References3
NVD
NVD
added 2021/04/14 7:15 a.m.17 views

CVE-2021-31162

In the standard library in Rust before 1.52.0, a double free can occur in the Vec::fromiter function if freeing the element panics...

9.8CVSS0.0289EPSS
Exploits1References7
OSV
OSV
added 2021/04/14 7:15 a.m.2 views

DEBIAN-CVE-2021-31162

In the standard library in Rust before 1.52.0, a double free can occur in the Vec::fromiter function if freeing the element panics...

9.8CVSS7AI score0.0289EPSS
Exploits1References1
OSV
OSV
added 2021/04/14 7:15 a.m.33 views

CVE-2021-31162

In the standard library in Rust before 1.52.0, a double free can occur in the Vec::fromiter function if freeing the element panics...

9.8CVSS6.6AI score
Exploits0References7
Rows per page
Query Builder