Categories ⋅ Keywords ⋅ Packages Advisories in category 'denial-of-service' April 30, 2025 INFO RUSTSEC-2025-0027: Unsoundness in mp3-metadata Panic in mp3-metadata due to the lack of bounds checking March 22, 2025 RUSTSEC-2025-0015: Vulnerability in web-push Denial of Service via malicious Web Push endpoint March 7, 2025 RUSTSEC-2024-0437: Vulnerability in protobuf Crash due to uncontrolled recursion in protobuf crate March 6, 2025 RUSTSEC-2025-0009: Vulnerability in ring Some AES functions may panic when overflow checking is enabled. December 4, 2024 MEDIUM RUSTSEC-2024-0401: Vulnerability in zlib-rs Denial of service because of stack overflow with malicious decompression input December 4, 2024 MEDIUM RUSTSEC-2024-0406: Vulnerability in ic-stable-structures BTreeMap memory leak when deallocating nodes with overflows December 4, 2024 RUSTSEC-2024-0405: Vulnerability in rustyscript op_panic in the base runtime can force a panic in the runtime's containing thread December 4, 2024 RUSTSEC-2024-0403: Vulnerability in js-sandbox op_panic in the base runtime can force a panic in the runtime's containing thread November 25, 2024 RUSTSEC-2024-0399: Vulnerability in rustls rustls network-reachable panic in Acceptor::accept October 1, 2024 RUSTSEC-2024-0376: Vulnerability in tonic Remotely exploitable Denial of Service in Tonic September 8, 2024 HIGH RUSTSEC-2024-0373: Vulnerability in quinn-proto Endpoint::retry() calls can lead to panicking September 7, 2024 HIGH RUSTSEC-2024-0372: Vulnerability in ic-cdk Memory leak when calling a canister method via ic_cdk::call September 5, 2024 HIGH RUSTSEC-2024-0369: Vulnerability in phonenumber phonenumber: panic on parsing crafted phonenumber inputs August 27, 2024 RUSTSEC-2024-0366: Vulnerability in cosmwasm-vm CWA-2023-004: Excessive number of function parameters in compiled Wasm August 8, 2024 RUSTSEC-2024-0361: Vulnerability in cosmwasm-vm CWA-2024-004: Gas mispricing in cosmwasm-vm June 26, 2024 RUSTSEC-2024-0345: Vulnerability in sequoia-openpgp Low severity (DoS) vulnerability in sequoia-openpgp May 20, 2024 HIGH RUSTSEC-2024-0341: Vulnerability in tls-listener Slow loris vulnerability with default configuration April 19, 2024 HIGH RUSTSEC-2024-0336: Vulnerability in rustls rustls::ConnectionCommon::complete_io could fall into an infinite loop based on network input April 3, 2024 RUSTSEC-2024-0332: Vulnerability in h2 Degradation of service in h2 servers with CONTINUATION Flood March 15, 2024 RUSTSEC-2023-0085: Vulnerability in hpack HPACK decoder panics on invalid input March 5, 2024 RUSTSEC-2024-0020: Vulnerability in whoami Stack buffer overflow with whoami on several Unix platforms March 2, 2024 HIGH RUSTSEC-2023-0083: Vulnerability in blurhash blurhash: panic on parsing crafted blurhash inputs February 29, 2024 HIGH RUSTSEC-2023-0082: Vulnerability in phonenumber phonenumber: panic on parsing crafted RF3966 phonenumber inputs February 9, 2024 RUSTSEC-2024-0011: Vulnerability in snow Unauthenticated Nonce Increment in snow February 9, 2024 RUSTSEC-2024-0012: Vulnerability in serde-json-wasm Stack overflow during recursive JSON parsing February 9, 2024 HIGH RUSTSEC-2024-0013: Vulnerability in libgit2-sys Memory corruption, denial of service, and arbitrary code execution in libgit2 January 17, 2024 RUSTSEC-2024-0003: Vulnerability in h2 Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS) December 21, 2023 RUSTSEC-2023-0077: Vulnerability in rosenpass Remotely exploitable DoS condition in Rosenpass <=0.2.0 December 9, 2023 HIGH RUSTSEC-2023-0073: Vulnerability in candid Infinite decoding loop through specially crafted payload September 29, 2023 HIGH RUSTSEC-2023-0065: Vulnerability in tungstenite Tungstenite allows remote attackers to cause a denial of service September 21, 2023 HIGH RUSTSEC-2023-0063: Vulnerability in quinn-proto Denial of service in Quinn servers September 13, 2023 HIGH RUSTSEC-2023-0062: Vulnerability in bcder BER/CER/DER decoder panics on invalid input August 22, 2023 HIGH RUSTSEC-2023-0052: Vulnerability in webpki webpki: CPU denial of service in certificate path building August 22, 2023 HIGH RUSTSEC-2023-0053: Vulnerability in rustls-webpki rustls-webpki: CPU denial of service in certificate path building June 3, 2023 RUSTSEC-2023-0041: Vulnerability in trust-dns-server Remote Attackers can cause Denial-of-Service (packet loops) with crafted DNS packets May 31, 2023 RUSTSEC-2023-0039: Vulnerability in buffered-reader Out-of-bounds array access leads to panic May 31, 2023 RUSTSEC-2023-0038: Vulnerability in sequoia-openpgp Out-of-bounds array access leads to panic April 20, 2023 RUSTSEC-2023-0034: Vulnerability in h2 Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS) March 23, 2023 RUSTSEC-2023-0024: Vulnerability in openssl openssl X509Extension::new and X509Extension::new_nid null pointer dereference February 14, 2023 HIGH RUSTSEC-2022-0090: Vulnerability in libsqlite3-sys libsqlite3-sys via C SQLite CVE-2022-35737 February 7, 2023 RUSTSEC-2023-0011: Vulnerability in openssl-src Invalid pointer dereference in d2i_PKCS7 functions February 7, 2023 RUSTSEC-2023-0008: Vulnerability in openssl-src X.509 Name Constraints Read Buffer Overflow February 7, 2023 RUSTSEC-2023-0006: Vulnerability in openssl-src X.400 address type confusion in X.509 GeneralName February 7, 2023 RUSTSEC-2023-0013: Vulnerability in openssl-src NULL dereference during PKCS7 data verification February 7, 2023 RUSTSEC-2023-0009: Vulnerability in openssl-src Use-after-free following BIO_new_NDEF February 7, 2023 RUSTSEC-2023-0010: Vulnerability in openssl-src Double free after calling PEM_read_bio_ex February 7, 2023 RUSTSEC-2023-0012: Vulnerability in openssl-src NULL dereference validating DSA public key February 2, 2023 RUSTSEC-2023-0004: Vulnerability in bzip2 bzip2 Denial of Service (DoS) February 2, 2023 HIGH RUSTSEC-2022-0084: Vulnerability in libp2p libp2p Lack of resource management DoS November 3, 2022 HIGH RUSTSEC-2022-0066: Vulnerability in conduit-hyper Denial of Service from unchecked request length November 1, 2022 RUSTSEC-2022-0065: Vulnerability in openssl-src X.509 Email Address Variable Length Buffer Overflow November 1, 2022 RUSTSEC-2022-0064: Vulnerability in openssl-src X.509 Email Address 4-byte Buffer Overflow September 13, 2022 RUSTSEC-2022-0055: Vulnerability in axum-core No default limit put on request bodies September 8, 2022 MEDIUM RUSTSEC-2021-0143: Vulnerability in kamadak-exif kamadak-exif DoS with untrusted PNG data August 3, 2022 HIGH RUSTSEC-2022-0038: Vulnerability in juniper Denial of service on deeply nested fragment requests August 3, 2022 HIGH RUSTSEC-2022-0037: Vulnerability in async-graphql Denial of service on deeply nested fragment requests August 1, 2022 RUSTSEC-2022-0035: Vulnerability in websocket Unbounded memory allocation based on untrusted length June 26, 2022 RUSTSEC-2022-0030: Vulnerability in rulex Stack overflow during recursive expression parsing June 26, 2022 RUSTSEC-2022-0031: Vulnerability in rulex Panic due to improper UTF-8 indexing May 19, 2022 HIGH RUSTSEC-2022-0025: Vulnerability in openssl-src Resource leakage when decoding certificates and keys March 16, 2022 RUSTSEC-2022-0014: Vulnerability in openssl-src Infinite loop in BN_mod_sqrt() reachable when parsing certificates March 8, 2022 HIGH RUSTSEC-2022-0013: Vulnerability in regex Regexes with large repetitions on empty sub-expressions take a very long time to parse January 21, 2022 RUSTSEC-2022-0004: Vulnerability in rustc-serialize Stack overflow in rustc_serialize when parsing deeply nested JSON December 15, 2021 RUSTSEC-2021-0129: Vulnerability in openssl-src Invalid handling of X509_verify_cert() internal errors in libssl November 18, 2021 RUSTSEC-2021-0125: Vulnerability in simple_asn1 Panic on incorrect date input to simple_asn1 August 24, 2021 HIGH RUSTSEC-2021-0098: Vulnerability in openssl-src Read buffer overruns processing ASN.1 strings August 21, 2021 RUSTSEC-2021-0089: Vulnerability in raw-cpuid Optional Deserialize implementations lacking validation July 8, 2021 RUSTSEC-2021-0073: Vulnerability in prost-types Conversion from prost_types::Timestamp to SystemTime can cause an overflow and panic May 11, 2021 RUSTSEC-2021-0066: Vulnerability in evm-core Denial of service on EVM execution due to memory over-allocation May 1, 2021 MEDIUM RUSTSEC-2021-0055: Vulnerability in openssl-src NULL pointer deref in signature_algorithms processing May 1, 2021 HIGH RUSTSEC-2021-0057: Vulnerability in openssl-src Integer overflow in CipherUpdate May 1, 2021 MEDIUM RUSTSEC-2021-0058: Vulnerability in openssl-src Null pointer deref in X509_issuer_and_serial_hash() March 24, 2021 HIGH RUSTSEC-2021-0041: Vulnerability in parse_duration Denial of service through parsing payloads with too big exponent January 24, 2021 RUSTSEC-2021-0013: Vulnerability in raw-cpuid Soundness issues in raw-cpuid November 29, 2020 MEDIUM RUSTSEC-2020-0075: Vulnerability in branca Unexpected panic when decoding tokens November 9, 2020 HIGH RUSTSEC-2020-0068: Vulnerability in multihash Unexpected panic in multihash from_slice parsing code October 31, 2020 MEDIUM RUSTSEC-2020-0061: Vulnerability in futures-task futures_task::noop_waker_ref can segfault due to dereferencing a NULL pointer October 1, 2020 HIGH RUSTSEC-2020-0019: Vulnerability in tokio-rustls tokio-rustls reads may cause excessive memory usage October 1, 2020 HIGH RUSTSEC-2020-0043: Vulnerability in ws Insufficient size checks in outgoing buffer in ws allows remote attacker to run the process out of memory October 1, 2020 HIGH RUSTSEC-2020-0015: Vulnerability in openssl-src Crash causing Denial of Service attack October 1, 2020 HIGH RUSTSEC-2019-0003: Vulnerability in protobuf Out of Memory in stream::read_raw_bytes_into() October 1, 2020 HIGH RUSTSEC-2019-0033: Vulnerability in http Integer Overflow in HeaderMap::reserve() can cause Denial of Service October 1, 2020 CRITICAL RUSTSEC-2020-0002: Vulnerability in prost Parsing a specially crafted message can result in a stack overflow October 1, 2020 RUSTSEC-2017-0006: Vulnerability in rmpv Unchecked vector pre-allocation October 1, 2020 HIGH RUSTSEC-2020-0001: Vulnerability in trust-dns-server Stack overflow when resolving additional records from MX or SRV null targets October 1, 2020 CRITICAL CVE-2018-1000810: Vulnerability in std Buffer overflow vulnerability in str::repeat() October 1, 2020 CVE-2018-1000657: Vulnerability in std Buffer overflow vulnerability in VecDeque::reserve()