RustSec Advisory

hexchat crate is unsound and unmaintained

Type confusion when accessing data from sublasses of subclasses of native types with abi3 feature targeting Python 3.12 and up

Potential undefined behavior when dereferencing Buf struct

Integer overflow in BytesMut::reserve

Unsound APIs of public constant::Reader and StructSchema

Segmentation fault and invalid memory read in mnl::cb_run

IterMut violates Stacked Borrows by invalidating internal pointer

Potential Undefined Behaviors in Arc<T>/Rc<T> impls of from_value on OOM

Non-utf8 String can be created with TimeBuf::as_str

Unsoundness of safe reciprocal_mg10

Reader::open_mmap unsoundly marks unsafe memmap operation as safe

Lack of sufficient checks in public API

Heap-buffer-overflow in nftnl::Batch::with_page_size (nftnl-rs)

soundness issue and unmaintained

Out-of-bounds memory access in binary_read_to_ref and binary_write_from_ref

Undefined behavior in index_of_ptr with empty slices

soundness issue and unmaintained

Possible unsound public API

soundness issue and unmaintained

Heap Buffer Overflow in the DrainCol Destructor

Multiple memory corruption vulnerabilities in safe APIs

ArrayQueue::push_front is not panic-safe

IdMap::from_iter may lead to uninitialized memory being freed on drop

User-defined implementations of the safe trait scratchpad::Tracking can cause heap buffer overflows

ConstStaticCell could have been used to pass non-Send values to another thread

Four unique double-free vulnerabilities triggered via safe APIs

Uninitialized read after allocating MemBump

Lack of sufficient checks in public API

Multiple soundness issues in macroquad

soundness issue and unmaintained

Public API without sufficient bounds checking

Unsound public API in unmaintained crate

Safe API can cause heap-buffer-overflow

totally-safe introduces memory vulnerabilities in safe Rust

totally-safe-transmute allows transmuting any type to any other type in safe Rust

cve-rs introduces memory vulnerabilities in safe Rust

Use After Free with externrefs in Wasmtime

Use after free with externrefs and epoch interruption in Wasmtime

Invalid drop of VMExternRef from partially-initialized instances in the pooling instance allocator

Guest-controlled out-of-bounds read/write on x86_64

Undefined Behavior in Rust runtime functions

crossbeam-channel: double free on Drop

Broadcast channel calls clone in parallel, but does not require Sync

Use-After-Free in Md::fetch and Cipher::fetch

array-init-cursor in version 0.2.0 and below is unsound when used with types that implement Drop

Use after free in Parc and Prc due to missing lifetime constraints

Openh264 Decoding Functions Heap Overflow Vulnerability

Out of bounds write triggered by crafted coverage data

Build corruption when using PYO3_CONFIG_FILE environment variable

Risk of use-after-free in borrowed reads from Python weak references

Heap Buffer overflow using c_chars_to_str function

Segmentation fault due to use of uninitialized memory

Incorrect usage of #[repr(packed)]

Incorrect usage of #[repr(packed)]

Parts of Report are dropped as the wrong type during downcast

Stack buffer overflow with whoami on several Unix platforms

ObjectPool creates uninitialized memory when freeing objects

Non-idiomatic use of iterators leads to use after free

dav1d AV1 decoder integer overflow

Buffer overflow due to integer overflow in transpose

Memory corruption, denial of service, and arbitrary code execution in libgit2

serde deserialization for FamStructWrapper lacks bound checks that could potentially lead to out-of-bounds memory access

Potential stack use-after-free in Instrumented::into_inner

openssl X509StoreRef::objects is unsound

libwebp: OOB write in BuildHuffmanTable

libwebp: OOB write in BuildHuffmanTable

Use-after-free in vec_insert_bytes

memoffset allows reading uninitialized memory

Parsing borsh messages with ZST which are not-copy/clone is unsound

Unsound FFI: Wrong API usage causes write past allocated area

rmp-serde Raw and RawRef unsound

NULL pointer dereference in stb_image

out_reference::Out::from_raw should be unsafe

maligned::align_first causes incorrect deallocation

Ascii allows out-of-bounds array indexing in safe code

pnet_packet buffer overrun in set_payload setters

ELF header parsing library doesn't check for valid offset

Use-after-free due to a lifetime error in Vec::into_iter()

Bug in Wasmtime implementation of pooling instance allocator

Unsound API in secp256k1 allows use-after-free and invalid deallocation from safe code

Multiple vulnerabilities resulting in out-of-bounds writes

cell-project used incorrect variance when projecting through &Cell<T>

mozjpeg DecompressScanlines::read_scanlines is Unsound

os_socketaddr invalidly assumes the memory layout of std::net::SocketAddr

Memory corruption in liblz4

Out-of-bounds read when opening multiple column families with TTL

Unsoundness of AtomicCell<64> arithmetics on 32-bit targets that support Atomic64

Multiple soundness issues in owning_ref

Safety issues in pkcs11

MsQueue push/pop use the wrong orderings

Use after free in Neon external buffers

array! macro is unsound when its length is impure constant

Use after free with externrefs and epoch interruption in Wasmtime

Arrow2 allows double free in safe code

enum_map macro can cause UB when Enum trait is incorrectly implemented

Delegate functions are missing Send bound

Data race in Iter and IterMut

array! macro is unsound in presence of traits that implement methods it calls internally

Unsoundness in dashmap references

Integer overflow in the bundled Brotli C library

Integer overflow in the bundled Brotli C library

Use after free in lru crate

Incorrect Lifetime Bounds on Closures in rusqlite

Data race when sending and receiving after closing a oneshot channel

Potential segfault in localtime_r invocations

Out-of-bounds write in nix::unistd::getgrouplist

Memory Safety Issue when using patch or merge on state and assign the result back to state

AtomicBucket unconditionally implements Send/Sync

Multiple Vulnerabilities in Wasmtime

Improper Synchronization and Race Condition in vm-memory

mopa is technically unsound

Optional Deserialize implementations lacking validation

Data race in crossbeam-deque

vec-const attempts to construct a Vec from a pointer to a const slice

QueryInterface should call AddRef before returning pointer

Task dropped in wrong thread when aborting LocalSet task

Double free in Vec::from_iter specialization when drop panics

VecStorage Deserialize Allows Violation of Length Invariant

Memory access due to code generation flaw in Cranelift module

'merge_sort::merge()' crashes with double-free for T: Drop

String::retain allows safely creating invalid strings when abusing panic

TrustedRandomAccess specialization composes incorrectly for nested iter::Zips

Panic safety issue in Zip specialization

Zip may call __iterator_get_unchecked twice with the same index

Zip can cause buffer overflow when a consumed Zip iterator is used again

Logic bug in Read can cause buffer overflow in read_to_end()

VecDeque::make_contiguous may duplicate the contained elements

Panic safety violation in BinaryHeap

Multiple functions can cause double-frees

StackVec::extend can write out of bounds when size_hint is incorrect

RingBuffer can create multiple mutable references and cause data races

ImmediateIO and TransactionalIO can cause data races

Data race and memory safety issue in Index

through and through_and causes a double free if the map function panics

SliceDeque::drain_filter can double drop an element if the predicate panics

Generators can cause data races if non-Send types are used in their generator functions

misc::vec_with_size() can drop uninitialized memory if clone panics

FromIterator implementation for Vector/Matrix can drop uninitialized memory

Use after free possible in uri::Formatter on panic

Multiple soundness issues in Ptr

insert_many can drop elements twice on panic

panic safety: double drop or uninitialized drop of T upon panic

panic in user-provided Endian impl triggers double drop of T

Fix a use-after-free bug in diesels Sqlite backend

push_cloned can drop uninitialized memory or double free on panic

Deserializing an array can drop uninitialized memory on panic

move_elements can double-free objects on panic

split_at allows obtaining multiple mutable references to the same data

Loading a bgzip block can write out of bounds if size overflows.

arr! macro erases lifetimes

Multiple memory safety issues in insert_row

Use-after-free when cloning a partially consumed Vec iterator

Use-after-free in subscript_next and subscript_prev wrappers

insert_slice_clone can double drop if Clone panics.

Multiple soundness issues

Queues allow non-Send types to be sent to other threads, allowing data races

Send bound needed on T (for Send impl of Bucket2)

MvccRwLock allows data races & aliasing violations

FixedCapacityDequeLike::clone() can cause dropping uninitialized memory

Queue should have a Send bound on its Send/Sync traits

CopyCell lacks bounds on its Send trait allowing for data races

Send/Sync bound needed on T for Send/Sync impl of RcuCell

LockWeak<T> allows to create data race to T.

Bunch unconditionally implements Send/Sync

convec::ConVec unconditionally implements Send/Sync

ArcGuard's Send and Sync should have bounds on RC

Sectors::get accesses unclaimed/uninitialized memory

ShmWriter allows sending non-Send type across threads

Cache: Send/Sync impls needs trait bounds on K

Slock allows sending non-Send types across thread boundaries

SyncChannel can move 'T: !Send' to other threads

ReaderResult should be bounded by Sync

SyncRef's clone() and debug() allow data races

AtomicBox lacks bound on its Send and Sync traits allowing data races

dces' World type can cause data races

beef::Cow lacks a Sync bound on its Send trait allowing for data races

ReadTicket and WriteTicket should only be sendable when T is Send

AtomicBox implements Send/Sync for any T: Sized

Decoder<R> can carry R: !Send to other threads

PinSlab and Unordered<T, S> need bounds on their Send/Sync traits

Soundness issues in raw-cpuid

QueueSender/QueueReceiver: Send/Sync impls need T: Send

Future lacks bounds on Send and Sync.

Singleton lacks bounds on Send and Sync.

Demuxer can carry non-Send types across thread boundaries

ImageChunkMut needs bounds on its Send and Sync traits

panic safety issue in impl TransformContent<S, D> for [S; (2|3|4)]

Soundness issue: Input can be misused to create data race to an object

panic safety: double drop may happen within util::{mutate, mutate2}

EventList's From conversions can double drop on panic.

LateStatic has incorrect Sync bound

conquer-once's OnceCell lacks Send bound for its Sync trait.

hashconsing's HConsed lacks Send/Sync bound for its Send/Sync trait.

Queues allow non-Send types to be sent to other threads, allowing data races

Update unsound DrainFilter and RString::retain

impl Random on arrays can lead to dropping uninitialized memory

AtomicOption should have Send + Sync bound on its type argument.

may_queue's Queue lacks Send/Sync bound for its Send/Sync trait.

ButtplugFutureStateShared allows data race to (!Send|!Sync) objects

Aovec lacks bound on its Send and Sync traits allowing data races

Exposes internally used raw pointer

Double free when calling sys_info::disk_info from multiple threads

Double drop upon panic in 'fn map_array()'

Soundness issue with base::Error

Missing Send bound for Lazy

UsbContext trait did not require implementers to be Send and Sync.

Buffer overflow in SmallVec::insert_many

Unsound: can make ARefss contain a !Send, !Sync object.

Dangling reference in access::Map with Constant

Thex allows data races of non-Send types across threads

Potential segfault in the time crate

GenericMutexGuard allows data races of non-Sync types across threads

Some lock_api lock guard objects can cause data races

Improper Sync implementation on FuturesUnordered in futures-utils can cause data corruption

futures_task::waker may cause a use-after-free if used on a type that isn't 'static

Fix for UB in failure to catch panics crossing FFI boundaries

Use-after-free with objects returned by Stream's get_format_info and get_context methods

Possible use-after-free with proplist::Iterator

Undefined Behavior in bounded channel

traitobject assumes the layout of fat pointers

use-after or double free of allocated memory

Compiler optimisation for next_with_timeout in pnet::transport::IcmpTransportChannelIterator flaws to SEGFAULT

Multiple security issues including data race, buffer overflow, and uninitialized memory drop

Multiple memory safety issues

CBox API allows to de-reference raw pointers without unsafe code

bespoke Cell implementation allows obtaining several mutable references to the same data

sigstack allocation bug can cause memory corruption or leak

Use after free in ArcIntern::drop

Use-after-free in BodyStream due to lack of pinning

Flaw in generativity allows out-of-bounds access

Enum repr causing potential memory corruption

Stream callback function is not unwind safe

bespoke Cell implementation allows obtaining several mutable references to the same data

HeaderMap::Drain API is unsound

Use-after-free in Framed due to lack of pinning

rio allows a use-after-free buffer access when a future is leaked

Memory corruption in SmallVec::grow()

Parsing a specially crafted message can result in a stack overflow

Matrix::zip_elements causes double free

Buffer overflow vulnerability in str::repeat()

Memory safety vulnerabilities arising from Error::type_id