ServoSmallvec

5 matches found

CVE
added 2021/01/22 9:3 a.m. | 154 views

CVE-2021-25900

CVE-2021-25900 affects the Rust smallvec crate prior to 0.6.14 and 1.x prior to 1.6.1, where SmallVec::insert_many can cause a heap-based buffer overflow. The issue is mitigated by upgrading to smallvec 0.6.14 or 1.6.1. In practice, vulnerable code paths may impact crates that vendor smallvec (e....

CVSS 9.8 | AI score 9.5 | EPSS 0.01653
CVE
added 2021/12/26 12:0 a.m. | 79 views

CVE-2018-25023

The CVE-2018-25023 issue affects the Rust smallvec crate prior to 0.6.13. It allows creating an uninitialized value of any type, including references, due to the unsafe handling of uninitialized memory. The vulnerability is documented across OSV/GHSA entries, which note the fix involved avoiding ...

CVSS 7.5 | AI score 7.3 | EPSS 0.01377
CVE
added 2019/08/26 2:23 p.m. | 50 views

CVE-2018-20991

The CVE-2018-20991 issue affects the Rust smallvec crate up to version 0.6.3. The root cause is an Iterator implementation that mishandles destructors, which can lead to a double free. This vulnerability is documented as affecting smallvec prior to 0.6.3, with multiple advisories (OSV, NVD) confi...

CVSS 9.8 | AI score 9.2 | EPSS 0.01798
CVE
added 2019/08/26 2:35 p.m. | 50 views

CVE-2019-15554

CVE-2019-15554 affects the Rust smallvec crate prior to 0.6.10. The issue is memory corruption when grow is called on a spilled SmallVec with a value smaller than current capacity, with potential to leak memory contents or enable remote code execution per OSV description. No explicit remediation/...

CVSS 9.8 | AI score 9.5 | EPSS 0.02144
CVE
added 2019/08/26 2:39 p.m. | 49 views

CVE-2019-15551

CVE-2019-15551 concerns the Rust smallvec crate prior to 0.6.10. The issue is a double free when growing a SmallVec whose current capacity matches the growth size, potentially enabling use-after-free conditions. Documents from multiple sources (GHSA advisory, Red Hat, SUSE, OSV, Debian, and NVD) ...

CVSS 9.8 | AI score 9.3 | EPSS 0.01862