2 matches found
CVE-2021-25900
CVE-2021-25900 affects the Rust smallvec crate prior to 0.6.14 and 1.x prior to 1.6.1, where SmallVec::insert_many can cause a heap-based buffer overflow. The issue is mitigated by upgrading to smallvec 0.6.14 or 1.6.1. In practice, vulnerable code paths may impact crates that vendor smallvec (e....
CVE-2019-15554
CVE-2019-15554 affects the Rust smallvec crate prior to 0.6.10. The issue is memory corruption when grow is called on a spilled SmallVec with a value smaller than current capacity, with potential to leak memory contents or enable remote code execution per OSV description. No explicit remediation/...