Advisories in category 'memory-exposure'
-
RUSTSEC-2025-0038: Vulnerability in arrow2
Out of bounds access in public safe API
-
RUSTSEC-2025-0020: Vulnerability in pyo3
Risk of buffer overflow in PyString::from_object
-
RUSTSEC-2025-0018: Vulnerability in xmas-elf
Potential out-of-bounds read with a malformed ELF file and the HashTable API.
-
RUSTSEC-2025-0004: Vulnerability in openssl
ssl::select_next_proto use after free
-
RUSTSEC-2025-0002: Vulnerability in fast-float2
Segmentation fault due to lack of bound check
-
RUSTSEC-2025-0003: Vulnerability in fast-float
Segmentation fault due to lack of bound check
-
RUSTSEC-2024-0400: Vulnerability in ruzstd
ruzstd uninit and out-of-bounds memory reads
-
RUSTSEC-2024-0354: Vulnerability in vodozemac
Usage of non-constant time base64 decoder could lead to leakage of secret key material
-
RUSTSEC-2024-0342: Vulnerability in vodozemac
Degraded secret zeroization capabilities
-
INFO RUSTSEC-2024-0017: Unsoundness in cassandra-cpp
Non-idiomatic use of iterators leads to use after free
-
INFO RUSTSEC-2024-0007: Unsoundness in rust-i18n-support
Use-after-free when setting the locale
-
LOW RUSTSEC-2023-0056: Unsoundness in vm-memory
Default functions in VolatileMemory trait lack bounds checks, potentially leading to out-of-bounds memory accesses
-
RUSTSEC-2023-0044: Vulnerability in openssl
openssl X509VerifyParamRef::set_host buffer over-read
-
MEDIUM RUSTSEC-2023-0030: Vulnerability in versionize
Versionize::deserialize implementation for FamStructWrapper<T> is lacking bound checks, potentially leading to out of bounds memory accesses
-
INFO RUSTSEC-2023-0016: Unsoundness in partial_sort
Possible out-of-bounds read in release mode
-
RUSTSEC-2023-0008: Vulnerability in openssl-src
X.509 Name Constraints Read Buffer Overflow
-
RUSTSEC-2023-0006: Vulnerability in openssl-src
X.400 address type confusion in X.509 GeneralName
-
INFO RUSTSEC-2023-0005: Unsoundness in tokio
tokio::io::ReadHalf<T>::unsplit is Unsound
-
INFO RUSTSEC-2022-0078: Unsoundness in bumpalo
Use-after-free due to a lifetime error in Vec::into_iter()
-
RUSTSEC-2022-0075: Vulnerability in wasmtime
Bug in pooling instance allocator
-
HIGH RUSTSEC-2022-0076: Vulnerability in wasmtime
Bug in Wasmtime implementation of pooling instance allocator
-
RUSTSEC-2022-0068: Vulnerability in capnp
out-of-bounds read possible when setting list-of-pointers
-
INFO RUSTSEC-2022-0049: Unsoundness in iana-time-zone
Use after free in MacOS / iOS implementation
-
INFO RUSTSEC-2021-0138: Unsoundness in mz-avro
Incorrect use of set_len allows for un-initialized memory
-
RUSTSEC-2018-0022: Vulnerability in temporary
Use of uninitialized memory in temporary
-
RUSTSEC-2022-0028: Vulnerability in neon
Use after free in Neon external buffers
-
INFO RUSTSEC-2022-0017: Unsoundness in array-macro
array! macro is unsound when its length is impure constant
-
RUSTSEC-2022-0016: Vulnerability in wasmtime
Use after free with externrefs and epoch interruption in Wasmtime
-
INFO RUSTSEC-2022-0010: Unsoundness in enum-map
enum_map macro can cause UB when Enum trait is incorrectly implemented
-
RUSTSEC-2022-0002: Vulnerability in dashmap
Unsoundness in dashmap references
-
RUSTSEC-2021-0118: Vulnerability in arrow
FixedSizeBinaryArray does not perform bound checks on accessing values and offsets
-
RUSTSEC-2021-0117: Vulnerability in arrow
DecimalArray does not perform bound checks on accessing values and offsets
-
RUSTSEC-2021-0116: Vulnerability in arrow
BinaryArray does not perform bound checks on reading values and offsets
-
INFO RUSTSEC-2021-0112: Unsoundness in tectonic_xdv
Read on uninitialized buffer may cause UB ('tectonic_xdv' crate)
-
RUSTSEC-2021-0111: Vulnerability in tremor-script
Memory Safety Issue when using patch or merge on state and assign the result back to state
-
MEDIUM RUSTSEC-2021-0110: Vulnerability in wasmtime
Multiple Vulnerabilities in Wasmtime
-
RUSTSEC-2021-0092: Vulnerability in messagepack-rs
Deserialization functions pass uninitialized memory to user-provided Read
-
INFO RUSTSEC-2021-0088: Unsoundness in csv-sniffer
Read on uninitialized memory may cause UB (fn preamble_skipcount())
-
INFO RUSTSEC-2021-0091: Unsoundness in gfx-auxil
Reading on uninitialized buffer may cause UB (gfx_auxil::read_spirv())
-
INFO RUSTSEC-2021-0090: Unsoundness in ash
Reading on uninitialized memory may cause UB (util::read_spv())
-
INFO RUSTSEC-2021-0084: Unsoundness in bronzedb-protocol
Read on uninitialized buffer can cause UB (impl of ReadKVExt)
-
INFO RUSTSEC-2020-0154: Unsoundness in buffoon
InputStream::read_exact : Read on uninitialized buffer causes UB
-
INFO RUSTSEC-2021-0085: Unsoundness in binjs_io
'Read' on uninitialized memory may cause UB
-
INFO RUSTSEC-2021-0094: Unsoundness in rdiff
Window can read out of bounds if Read instance returns more bytes than buffer size
-
INFO RUSTSEC-2020-0155: Unsoundness in acc_reader
Read on uninitialized buffer in fill_buf() and read_up_to()
-
INFO RUSTSEC-2021-0095: Unsoundness in mopa
mopa is technically unsound
-
INFO RUSTSEC-2021-0087: Unsoundness in columnar
columnar: Read on uninitialized buffer may cause UB (ColumnarReadExt::read_typed_vec())
-
INFO RUSTSEC-2020-0153: Unsoundness in bite
read on uninitialized buffer may cause UB (bite::read::BiteReadExpandedExt::read_framed_max)
-
INFO RUSTSEC-2021-0086: Unsoundness in flumedb
Read on uninitialized buffer may cause UB (read_entry())
-
CVE-2020-36323: Vulnerability in std
API soundness issue in join() implementation of [Borrow<str>]
-
CVE-2019-1010299: Vulnerability in std
vec_deque::Iter has unsound Debug implementation
-
RUSTSEC-2021-0070: Vulnerability in nalgebra
VecStorage Deserialize Allows Violation of Length Invariant
-
HIGH RUSTSEC-2021-0067: Vulnerability in cranelift-codegen
Memory access due to code generation flaw in Cranelift module
-
HIGH RUSTSEC-2021-0054: Vulnerability in rkyv
Archives may contain uninitialized memory
-
CRITICAL RUSTSEC-2021-0051: Vulnerability in outer_cgi
KeyValueReader passes uninitialized memory to Read instance
-
HIGH RUSTSEC-2021-0043: Vulnerability in uu_od
PartialReader passes uninitialized memory to user-provided Read
-
HIGH RUSTSEC-2021-0029: Vulnerability in truetype
Tape::take_bytes exposes uninitialized memory to a user-provided Read
-
HIGH RUSTSEC-2020-0145: Unsoundness in heapless
Use-after-free when cloning a partially consumed Vec iterator
-
RUSTSEC-2021-0019: Vulnerability in xcb
Multiple soundness issues
-
HIGH RUSTSEC-2021-0017: Vulnerability in postscript
Read on uninitialized buffer may cause UB (impl Walue for Vec<u8>)
-
HIGH RUSTSEC-2021-0016: Vulnerability in ms3d
IoReader::read(): user-provided Read on uninitialized buffer may cause UB
-
CRITICAL RUSTSEC-2021-0015: Vulnerability in calamine
Sectors::get accesses unclaimed/uninitialized memory
-
HIGH RUSTSEC-2021-0014: Vulnerability in marc
Record::read : Custom Read on uninitialized buffer may cause UB
-
CRITICAL RUSTSEC-2020-0123: Vulnerability in libp2p-deflate
Contents of uninitialized memory exposed in DeflateOutput's AsyncRead implementation
-
CRITICAL RUSTSEC-2021-0012: Vulnerability in cdr
Reading uninitialized memory can cause UB (Deserializer::read_vec)
-
CRITICAL RUSTSEC-2021-0008: Vulnerability in bra
reading on uninitialized buffer can cause UB (impl<R> BufRead for GreedyAccessReader<R>)
-
HIGH RUSTSEC-2021-0007: Vulnerability in av-data
Frame::copy_from_raw_parts can lead to segfault without unsafe
-
HIGH RUSTSEC-2020-0006: Vulnerability in bumpalo
Flaw in realloc allows reading unknown memory
-
CRITICAL RUSTSEC-2020-0021: Vulnerability in rio
rio allows a use-after-free buffer access when a future is leaked
-
CRITICAL RUSTSEC-2020-0004: Vulnerability in lucet-runtime-internals
sigstack allocation bug can cause memory corruption or leak