Advisories in category 'memory-exposure'
-
RUSTSEC-2025-0038: Vulnerability in arrow2
Out of bounds access in public safe API
-
RUSTSEC-2025-0020: Vulnerability in pyo3
Risk of buffer overflow in
PyString::from_object -
RUSTSEC-2025-0018: Vulnerability in xmas-elf
Potential out-of-bounds read with a malformed ELF file and the HashTable API.
-
RUSTSEC-2025-0004: Vulnerability in openssl
ssl::select_next_proto use after free
-
RUSTSEC-2025-0002: Vulnerability in fast-float2
Segmentation fault due to lack of bound check
-
RUSTSEC-2025-0003: Vulnerability in fast-float
Segmentation fault due to lack of bound check
-
RUSTSEC-2024-0400: Vulnerability in ruzstd
ruzstduninit and out-of-bounds memory reads -
RUSTSEC-2024-0354: Vulnerability in vodozemac
Usage of non-constant time base64 decoder could lead to leakage of secret key material
-
RUSTSEC-2024-0342: Vulnerability in vodozemac
Degraded secret zeroization capabilities
-
INFO RUSTSEC-2024-0017: Unsoundness in cassandra-cpp
Non-idiomatic use of iterators leads to use after free
-
INFO RUSTSEC-2024-0007: Unsoundness in rust-i18n-support
Use-after-free when setting the locale
-
LOW RUSTSEC-2023-0056: Unsoundness in vm-memory
Default functions in VolatileMemory trait lack bounds checks, potentially leading to out-of-bounds memory accesses
-
RUSTSEC-2023-0044: Vulnerability in openssl
opensslX509VerifyParamRef::set_hostbuffer over-read -
MEDIUM RUSTSEC-2023-0030: Vulnerability in versionize
Versionize::deserializeimplementation forFamStructWrapper<T>is lacking bound checks, potentially leading to out of bounds memory accesses -
INFO RUSTSEC-2023-0016: Unsoundness in partial_sort
Possible out-of-bounds read in release mode
-
RUSTSEC-2023-0008: Vulnerability in openssl-src
X.509 Name Constraints Read Buffer Overflow
-
RUSTSEC-2023-0006: Vulnerability in openssl-src
X.400 address type confusion in X.509
GeneralName -
INFO RUSTSEC-2023-0005: Unsoundness in tokio
tokio::io::ReadHalf<T>::unsplitis Unsound -
INFO RUSTSEC-2022-0078: Unsoundness in bumpalo
Use-after-free due to a lifetime error in
Vec::into_iter() -
RUSTSEC-2022-0075: Vulnerability in wasmtime
Bug in pooling instance allocator
-
HIGH RUSTSEC-2022-0076: Vulnerability in wasmtime
Bug in Wasmtime implementation of pooling instance allocator
-
RUSTSEC-2022-0068: Vulnerability in capnp
out-of-bounds read possible when setting list-of-pointers
-
INFO RUSTSEC-2022-0049: Unsoundness in iana-time-zone
Use after free in MacOS / iOS implementation
-
INFO RUSTSEC-2021-0138: Unsoundness in mz-avro
Incorrect use of
set_lenallows for un-initialized memory -
RUSTSEC-2018-0022: Vulnerability in temporary
Use of uninitialized memory in temporary
-
RUSTSEC-2022-0028: Vulnerability in neon
Use after free in Neon external buffers
-
INFO RUSTSEC-2022-0017: Unsoundness in array-macro
array!macro is unsound when its length is impure constant -
RUSTSEC-2022-0016: Vulnerability in wasmtime
Use after free with
externrefs and epoch interruption in Wasmtime -
INFO RUSTSEC-2022-0010: Unsoundness in enum-map
enum_map macro can cause UB when
Enumtrait is incorrectly implemented -
RUSTSEC-2022-0002: Vulnerability in dashmap
Unsoundness in
dashmapreferences -
RUSTSEC-2021-0118: Vulnerability in arrow
FixedSizeBinaryArraydoes not perform bound checks on accessing values and offsets -
RUSTSEC-2021-0117: Vulnerability in arrow
DecimalArraydoes not perform bound checks on accessing values and offsets -
RUSTSEC-2021-0116: Vulnerability in arrow
BinaryArraydoes not perform bound checks on reading values and offsets -
INFO RUSTSEC-2021-0112: Unsoundness in tectonic_xdv
Readon uninitialized buffer may cause UB ('tectonic_xdv' crate) -
RUSTSEC-2021-0111: Vulnerability in tremor-script
Memory Safety Issue when using
patchormergeonstateand assign the result back tostate -
MEDIUM RUSTSEC-2021-0110: Vulnerability in wasmtime
Multiple Vulnerabilities in Wasmtime
-
RUSTSEC-2021-0092: Vulnerability in messagepack-rs
Deserialization functions pass uninitialized memory to user-provided Read
-
INFO RUSTSEC-2021-0088: Unsoundness in csv-sniffer
Readon uninitialized memory may cause UB (fn preamble_skipcount()) -
INFO RUSTSEC-2021-0091: Unsoundness in gfx-auxil
Reading on uninitialized buffer may cause UB (
gfx_auxil::read_spirv()) -
INFO RUSTSEC-2021-0090: Unsoundness in ash
Reading on uninitialized memory may cause UB (
util::read_spv()) -
INFO RUSTSEC-2021-0084: Unsoundness in bronzedb-protocol
Readon uninitialized buffer can cause UB (impl ofReadKVExt) -
INFO RUSTSEC-2020-0154: Unsoundness in buffoon
InputStream::read_exact :
Readon uninitialized buffer causes UB -
INFO RUSTSEC-2021-0085: Unsoundness in binjs_io
'Read' on uninitialized memory may cause UB
-
INFO RUSTSEC-2021-0094: Unsoundness in rdiff
Window can read out of bounds if Read instance returns more bytes than buffer size
-
INFO RUSTSEC-2020-0155: Unsoundness in acc_reader
Readon uninitialized buffer infill_buf()andread_up_to() -
INFO RUSTSEC-2021-0095: Unsoundness in mopa
mopais technically unsound -
INFO RUSTSEC-2021-0087: Unsoundness in columnar
columnar:
Readon uninitialized buffer may cause UB (ColumnarReadExt::read_typed_vec()) -
INFO RUSTSEC-2020-0153: Unsoundness in bite
readon uninitialized buffer may cause UB (bite::read::BiteReadExpandedExt::read_framed_max) -
INFO RUSTSEC-2021-0086: Unsoundness in flumedb
Readon uninitialized buffer may cause UB (read_entry()) -
CVE-2020-36323: Vulnerability in std
API soundness issue in join() implementation of [Borrow<str>]
-
CVE-2019-1010299: Vulnerability in std
vec_deque::Iter has unsound Debug implementation
-
RUSTSEC-2021-0070: Vulnerability in nalgebra
VecStorage Deserialize Allows Violation of Length Invariant
-
HIGH RUSTSEC-2021-0067: Vulnerability in cranelift-codegen
Memory access due to code generation flaw in Cranelift module
-
HIGH RUSTSEC-2021-0054: Vulnerability in rkyv
Archives may contain uninitialized memory
-
CRITICAL RUSTSEC-2021-0051: Vulnerability in outer_cgi
KeyValueReader passes uninitialized memory to Read instance
-
HIGH RUSTSEC-2021-0043: Vulnerability in uu_od
PartialReader passes uninitialized memory to user-provided Read
-
HIGH RUSTSEC-2021-0029: Vulnerability in truetype
Tape::take_bytes exposes uninitialized memory to a user-provided Read
-
HIGH RUSTSEC-2020-0145: Unsoundness in heapless
Use-after-free when cloning a partially consumed
Veciterator -
RUSTSEC-2021-0019: Vulnerability in xcb
Multiple soundness issues
-
HIGH RUSTSEC-2021-0017: Vulnerability in postscript
Readon uninitialized buffer may cause UB (impl Walue for Vec<u8>) -
HIGH RUSTSEC-2021-0016: Vulnerability in ms3d
IoReader::read(): user-providedReadon uninitialized buffer may cause UB -
CRITICAL RUSTSEC-2021-0015: Vulnerability in calamine
Sectors::getaccesses unclaimed/uninitialized memory -
HIGH RUSTSEC-2021-0014: Vulnerability in marc
Record::read : Custom
Readon uninitialized buffer may cause UB -
CRITICAL RUSTSEC-2020-0123: Vulnerability in libp2p-deflate
Contents of uninitialized memory exposed in DeflateOutput's AsyncRead implementation
-
CRITICAL RUSTSEC-2021-0012: Vulnerability in cdr
Reading uninitialized memory can cause UB (
Deserializer::read_vec) -
CRITICAL RUSTSEC-2021-0008: Vulnerability in bra
reading on uninitialized buffer can cause UB (
impl<R> BufRead for GreedyAccessReader<R>) -
HIGH RUSTSEC-2021-0007: Vulnerability in av-data
Frame::copy_from_raw_partscan lead to segfault withoutunsafe -
HIGH RUSTSEC-2020-0006: Vulnerability in bumpalo
Flaw in
reallocallows reading unknown memory -
CRITICAL RUSTSEC-2020-0021: Vulnerability in rio
rio allows a use-after-free buffer access when a future is leaked
-
CRITICAL RUSTSEC-2020-0004: Vulnerability in lucet-runtime-internals
sigstack allocation bug can cause memory corruption or leak