Monthly Archive: December 2020

An issue was discovered in the arr crate through 2020-08-25 for Rust. There is a buffer overflow in Index and IndexMut. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0034.html

An issue was discovered in the arr crate through 2020-08-25 for Rust. An attacker can smuggle non-Sync/Send types across a thread boundary to cause a data race. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0034.html

An issue was discovered in the alpm-rs crate through 2020-08-20 for Rust. StrcCtx performs improper memory deallocation. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0032.html

An issue was discovered in the tiny_http crate through 2020-06-16 for Rust. HTTP Request smuggling can occur via a malformed Transfer-Encoding header. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0031.html

An issue was discovered in the mozwire crate through 2020-08-18 for Rust. A ../ directory-traversal situation allows overwriting local files that have .conf at the end of the filename. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0030.html

An issue was discovered in the rocket crate before 0.4.5 for Rust. LocalRequest::clone creates more than one mutable references to the same object, possibly causing a data race. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0028.html

An issue was discovered in the traitobject crate through 2020-06-01 for Rust. It has false expectations about fat pointers, possibly causing memory corruption in, for example, Rust 2.x. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0027.html

An issue was discovered in the bigint crate through 2020-05-07 for Rust. It allows a soundness violation. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0025.html

An issue was discovered in the rulinalg crate through 2020-02-11 for Rust. There are incorrect lifetime-boundary definitions for RowMut::raw_slice and RowMut::raw_slice_mut. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0023.html

An issue was discovered in the ozone crate through 2020-07-04 for Rust. Memory safety is violated because of the dropping of uninitialized memory. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0022.html

An issue was discovered in the ozone crate through 2020-07-04 for Rust. Memory safety is violated because of out-of-bounds access. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0022.html

An issue was discovered in the rio crate through 2020-05-11 for Rust. A struct can be leaked, allowing attackers to obtain sensitive information, cause a use-after-free, or cause a data race. Date published :...

An issue was discovered in the tokio-rustls crate before 0.13.1 for Rust. Excessive memory usage may occur when data arrives quickly. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0019.html

An issue was discovered in the internment crate through 2020-05-28 for Rust. ArcIntern::drop has a race condition and resultant use-after-free. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0017.html