Monthly Archive: December 2020

An issue was discovered in the actix-http crate before 2.0.0-alpha.1 for Rust. There is a use-after-free in BodyStream. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0048.html

An issue was discovered in the array-queue crate through 2020-09-26 for Rust. A pop_back() call may lead to a use-after-free. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0047.html

An issue was discovered in the actix-service crate before 1.0.6 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0046.html

An issue was discovered in the actix-utils crate before 2.0.0 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0045.html

An issue was discovered in the atom crate before 0.3.6 for Rust. An unsafe Send implementation allows a cross-thread data race. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0044.html

An issue was discovered in the ws crate through 2020-09-25 for Rust. The outgoing buffer is not properly limited, leading to a remote memory-consumption attack. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0043.html

An issue was discovered in the stack crate before 0.3.1 for Rust. ArrayVec has an out-of-bounds write via element insertion. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0042.html

An issue was discovered in the obstack crate before 0.1.4 for Rust. Unaligned references can occur. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0040.html

An issue was discovered in the simple-slab crate before 0.3.3 for Rust. remove() has an off-by-one error, causing memory leakage and a drop of uninitialized memory. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0039.html

An issue was discovered in the simple-slab crate before 0.3.3 for Rust. index() allows an out-of-bounds read. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0039.html

An issue was discovered in the ordnung crate through 2020-09-03 for Rust. compact::Vec violates memory safety via a remove() double free. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0038.html

An issue was discovered in the ordnung crate through 2020-09-03 for Rust. compact::Vec violates memory safety via out-of-bounds access for large capacity. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0038.html

An issue was discovered in the crayon crate through 2020-08-31 for Rust. A TOCTOU issue has a resultant memory safety violation via HandleLike. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0037.html

An issue was discovered in the arr crate through 2020-08-25 for Rust. Uninitialized memory is dropped by Array::new_from_template. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0034.html