mirror of
https://github.com/imjasonh/rustvulncheck
synced 2026-07-09 12:56:54 +00:00
6674 lines
No EOL
191 KiB
JSON
6674 lines
No EOL
191 KiB
JSON
{
|
|
"generated_at": "unix:1774454746",
|
|
"entries": [
|
|
{
|
|
"advisory_id": "RUSTSEC-2026-0037",
|
|
"package": "quinn-proto",
|
|
"title": "Denial of service in Quinn endpoints",
|
|
"date": "2026-03-09",
|
|
"patched_versions": [
|
|
">= 0.11.14"
|
|
],
|
|
"commit_sha": "2c315aa7f9c2a6c1db87f8f51f40623a427c78fd",
|
|
"vulnerable_symbols": [
|
|
{
|
|
"file": "quinn-proto/src/congestion/bbr/mod.rs",
|
|
"function": "quinn_proto::congestion::bbr::Bbr::maybe_enter_or_exit_probe_rtt",
|
|
"change_type": "Modified"
|
|
},
|
|
{
|
|
"file": "quinn-proto/src/connection/assembler.rs",
|
|
"function": "quinn_proto::connection::assembler::State::default",
|
|
"change_type": "Deleted"
|
|
},
|
|
{
|
|
"file": "quinn-proto/src/transport_parameters.rs",
|
|
"function": "quinn_proto::transport_parameters::TransportParameters::read",
|
|
"change_type": "Modified"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2026-0074",
|
|
"package": "libcrux-sha3",
|
|
"title": "Incorrect Output of Incremental Portable SHAKE API",
|
|
"date": "2026-03-04",
|
|
"patched_versions": [
|
|
">= 0.0.8 "
|
|
],
|
|
"commit_sha": "6bbe15ec6a24222dade456aa75a382234807c4ff",
|
|
"vulnerable_symbols": [
|
|
{
|
|
"file": "crates/algorithms/sha3/src/generic_keccak/xof.rs",
|
|
"function": "sha3::generic_keccak::xof::KeccakXofState::squeeze",
|
|
"change_type": "Modified"
|
|
},
|
|
{
|
|
"file": "crates/algorithms/sha3/src/simd/avx2.rs",
|
|
"function": "sha3::simd::avx2::store_block",
|
|
"change_type": "Modified"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2026-0073",
|
|
"package": "libcrux-poly1305",
|
|
"title": "Panic in Standalone MAC Operations",
|
|
"date": "2026-03-04",
|
|
"patched_versions": [
|
|
">= 0.0.5 "
|
|
],
|
|
"commit_sha": "5730a90658437802482a2862748378619241d4b7",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2026-0076",
|
|
"package": "libcrux-ml-dsa",
|
|
"title": "Panic in Signature Hint Decoding During Verification",
|
|
"date": "2026-03-04",
|
|
"patched_versions": [
|
|
">= 0.0.8 "
|
|
],
|
|
"commit_sha": "2d2ad879b287d0c9f3364fa863d105c057805a1b",
|
|
"vulnerable_symbols": [
|
|
{
|
|
"file": "libcrux-ml-dsa/src/encoding/signature.rs",
|
|
"function": "libcrux_ml_dsa::encoding::signature::deserialize",
|
|
"change_type": "Modified"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2026-0077",
|
|
"package": "libcrux-ml-dsa",
|
|
"title": "Incorrect Check of Signer Response Norm During Verification",
|
|
"date": "2026-03-04",
|
|
"patched_versions": [
|
|
">= 0.0.8 "
|
|
],
|
|
"commit_sha": "0b8c446d8c235086561f74dc3079d930569d9bdd",
|
|
"vulnerable_symbols": [
|
|
{
|
|
"file": "libcrux-ml-dsa/src/ml_dsa_generic.rs",
|
|
"function": "libcrux_ml_dsa::ml_dsa_generic::generic::verify_internal",
|
|
"change_type": "Modified"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2026-0075",
|
|
"package": "libcrux-ed25519",
|
|
"title": "All-Zero Key Generation on Catastrophic RNG Failure",
|
|
"date": "2026-03-04",
|
|
"patched_versions": [
|
|
">= 0.0.7 "
|
|
],
|
|
"commit_sha": "bda2b492b1d1ab12b5c77271874d53f111af1788",
|
|
"vulnerable_symbols": [
|
|
{
|
|
"file": "crates/algorithms/ed25519/src/impl_hacl.rs",
|
|
"function": "ed25519::impl_hacl::generate_key_pair",
|
|
"change_type": "Modified"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2026-0013",
|
|
"package": "pyo3",
|
|
"title": "Type confusion when accessing data from sublasses of subclasses of native types with `abi3` feature targeting Python 3.12 and up",
|
|
"date": "2026-02-18",
|
|
"patched_versions": [
|
|
">= 0.28.2"
|
|
],
|
|
"commit_sha": "a7c8f38a0f204806c84c0feb872c430d3f6078db",
|
|
"vulnerable_symbols": [
|
|
{
|
|
"file": "pyo3-build-config/src/impl_.rs",
|
|
"function": "pyo3_build_config::impl_::InterpreterConfig::build_script_outputs",
|
|
"change_type": "Modified"
|
|
},
|
|
{
|
|
"file": "pyo3-build-config/src/lib.rs",
|
|
"function": "pyo3_build_config::print_expected_cfgs",
|
|
"change_type": "Modified"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2026-0012",
|
|
"package": "keccak",
|
|
"title": "Unsoundness in opt-in ARMv8 assembly backend for `keccak`",
|
|
"date": "2026-02-12",
|
|
"patched_versions": [
|
|
">= 0.1.6"
|
|
],
|
|
"commit_sha": "7ac1920198ebb7d0192e6d2c3581e15b38a6e0e5",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2026-0069",
|
|
"package": "hpke-rs",
|
|
"title": "Incorrect Length Encoding on KDF Export",
|
|
"date": "2026-02-11",
|
|
"patched_versions": [
|
|
">= 0.6.0"
|
|
],
|
|
"commit_sha": "b54c8bb83906331bdf4f606cafa30cd7fd20b531",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2026-0070",
|
|
"package": "hpke-rs",
|
|
"title": "Panic When Opening or Sealing on Export-Only Context",
|
|
"date": "2026-02-11",
|
|
"patched_versions": [
|
|
">= 0.6.0"
|
|
],
|
|
"commit_sha": "b54c8bb83906331bdf4f606cafa30cd7fd20b531",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2026-0025",
|
|
"package": "libcrux-psq",
|
|
"title": "Panic in `libcrux-psq` on decryption of malformed AES-GCM ciphertext",
|
|
"date": "2026-02-08",
|
|
"patched_versions": [
|
|
">= 0.0.7"
|
|
],
|
|
"commit_sha": "f303b6446c19fe9a7c993f61e426023609cd5fac",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2026-0026",
|
|
"package": "libcrux-ed25519",
|
|
"title": "Unnecessary clamping of seed reduces seed entropy to 251 bits",
|
|
"date": "2026-02-05",
|
|
"patched_versions": [
|
|
">= 0.0.6"
|
|
],
|
|
"commit_sha": "4d6f5d3c2542b6179a6474dec8cfb8b8ddf31a84",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2026-0071",
|
|
"package": "hpke-rs",
|
|
"title": "Nonce Reuse in HPKE Context",
|
|
"date": "2026-02-05",
|
|
"patched_versions": [
|
|
">= 0.6.0"
|
|
],
|
|
"commit_sha": "3a8254938f43bdc4e0c9c4f987f8071f19779066",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2026-0072",
|
|
"package": "hpke-rs-rust-crypto",
|
|
"title": "Missing Check for All-Zero X25519 Shared Secret",
|
|
"date": "2026-02-04",
|
|
"patched_versions": [
|
|
">= 0.6.0"
|
|
],
|
|
"commit_sha": "1c247b5c9aeca602ad2971c9bd49817fe2c308e6",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2026-0008",
|
|
"package": "git2",
|
|
"title": "Potential undefined behavior when dereferencing Buf struct",
|
|
"date": "2026-02-02",
|
|
"patched_versions": [
|
|
">=0.20.4"
|
|
],
|
|
"commit_sha": "9e160f15bd056f82143109bb330573381e5de719",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2026-0023",
|
|
"package": "libcrux-ecdh",
|
|
"title": "X25519 secret validation did not check buffer length or clamping",
|
|
"date": "2026-01-26",
|
|
"patched_versions": [
|
|
">= 0.0.6"
|
|
],
|
|
"commit_sha": "a09022c5811ca7fd1c6d9a239ff294d64ee86734",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2026-0024",
|
|
"package": "libcrux-psq",
|
|
"title": "Incorrect X25519 clamping check rejects all secrets on import",
|
|
"date": "2026-01-26",
|
|
"patched_versions": [
|
|
">= 0.0.7"
|
|
],
|
|
"commit_sha": "a09022c5811ca7fd1c6d9a239ff294d64ee86734",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2026-0005",
|
|
"package": "oneshot",
|
|
"title": "Potential use-after-free in `oneshot` when used asynchronously",
|
|
"date": "2026-01-25",
|
|
"patched_versions": [
|
|
">= 0.1.12"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2026-0002",
|
|
"package": "lru",
|
|
"title": "`IterMut` violates Stacked Borrows by invalidating internal pointer",
|
|
"date": "2026-01-07",
|
|
"patched_versions": [
|
|
">= 0.16.3"
|
|
],
|
|
"commit_sha": "62be24c96137fcf5c6323607ff15ed878b157ee2",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2026-0001",
|
|
"package": "rkyv",
|
|
"title": "Potential Undefined Behaviors in `Arc<T>`/`Rc<T>` impls of `from_value` on OOM",
|
|
"date": "2026-01-05",
|
|
"patched_versions": [
|
|
">= 0.7.46, < 0.8.0",
|
|
">= 0.8.13"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0139",
|
|
"package": "theshit",
|
|
"title": "theshit vulnerable to unsafe loading of user-owned Python rules when running as root",
|
|
"date": "2025-12-30",
|
|
"patched_versions": [
|
|
">= 0.1.1"
|
|
],
|
|
"commit_sha": "8e0b565e7876a83b0e1cfbacb8af39dadfdcc500",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0140",
|
|
"package": "gix-date",
|
|
"title": "Non-utf8 String can be created with `TimeBuf::as_str`",
|
|
"date": "2025-12-29",
|
|
"patched_versions": [
|
|
">= 0.12.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0143",
|
|
"package": "capnp",
|
|
"title": "Unsound APIs of public `constant::Reader` and `StructSchema`",
|
|
"date": "2025-12-24",
|
|
"patched_versions": [
|
|
">= 0.24.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0137",
|
|
"package": "ruint",
|
|
"title": "Unsoundness of safe `reciprocal_mg10`",
|
|
"date": "2025-12-22",
|
|
"patched_versions": [
|
|
">= 1.17.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0133",
|
|
"package": "libcrux-intrinsics",
|
|
"title": "Incorrect calculation on aarch64",
|
|
"date": "2025-12-04",
|
|
"patched_versions": [
|
|
">= 0.0.4"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0134",
|
|
"package": "rustls-pemfile",
|
|
"title": "rustls-pemfile is unmaintained",
|
|
"date": "2025-11-28",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0132",
|
|
"package": "maxminddb",
|
|
"title": "`Reader::open_mmap` unsoundly marks unsafe memmap operation as safe",
|
|
"date": "2025-11-28",
|
|
"patched_versions": [
|
|
">= 0.27.0"
|
|
],
|
|
"commit_sha": "98f0e4fff9678c841ed33f3b8a46322f6163c32a",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0125",
|
|
"package": "thread-amount",
|
|
"title": "Resource Exhaustion (Memory and Handle Leaks) on Windows and macOS",
|
|
"date": "2025-11-22",
|
|
"patched_versions": [
|
|
">=0.2.2"
|
|
],
|
|
"commit_sha": "28860d4a38286609cb884c13b5b7941edc2390e5",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0119",
|
|
"package": "number_prefix",
|
|
"title": "number_prefix crate is unmaintained",
|
|
"date": "2025-11-17",
|
|
"patched_versions": [],
|
|
"commit_sha": "0ea8171492efe2784f7d820e91ced0cb79262923",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0122",
|
|
"package": "cargo-asm",
|
|
"title": "cargo-asm crate is unmaintained",
|
|
"date": "2025-11-17",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0153",
|
|
"package": "hexchat",
|
|
"title": "hexchat crate is unsound and unmaintained",
|
|
"date": "2025-11-17",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0120",
|
|
"package": "json5",
|
|
"title": "json5 crate is unmaintained",
|
|
"date": "2025-11-16",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0114",
|
|
"package": "tandem_http_client",
|
|
"title": "tandem_http_client is unmaintained",
|
|
"date": "2025-11-10",
|
|
"patched_versions": [],
|
|
"commit_sha": "4b3fe27190f20602dc3d9dbfcf36f72ca8b2c538",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0116",
|
|
"package": "tandem_garble_interop",
|
|
"title": "tandem_garble_interop is unmaintained",
|
|
"date": "2025-11-10",
|
|
"patched_versions": [],
|
|
"commit_sha": "4b3fe27190f20602dc3d9dbfcf36f72ca8b2c538",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0115",
|
|
"package": "tandem_http_server",
|
|
"title": "tandem_http_server is unmaintained",
|
|
"date": "2025-11-10",
|
|
"patched_versions": [],
|
|
"commit_sha": "4b3fe27190f20602dc3d9dbfcf36f72ca8b2c538",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0117",
|
|
"package": "tandem",
|
|
"title": "tandem is unmaintained",
|
|
"date": "2025-11-10",
|
|
"patched_versions": [],
|
|
"commit_sha": "4b3fe27190f20602dc3d9dbfcf36f72ca8b2c538",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0107",
|
|
"package": "borrowck_sacrifices",
|
|
"title": "Uninitialized memory exposure in any_as_u8_slice",
|
|
"date": "2025-10-21",
|
|
"patched_versions": [
|
|
">= 0.2.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0109",
|
|
"package": "binary_vec_io",
|
|
"title": "Out-of-bounds memory access in binary_read_to_ref and binary_write_from_ref",
|
|
"date": "2025-10-21",
|
|
"patched_versions": [],
|
|
"commit_sha": "e8ee610c217b112100e784c944bbb9caa995c2ae",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0105",
|
|
"package": "direct_ring_buffer",
|
|
"title": "Uninitialized memory exposure in create_ring_buffer",
|
|
"date": "2025-10-21",
|
|
"patched_versions": [
|
|
">= 0.2.2"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0106",
|
|
"package": "orx-pinned-vec",
|
|
"title": "Undefined behavior in index_of_ptr with empty slices",
|
|
"date": "2025-10-21",
|
|
"patched_versions": [
|
|
">= 3.21.0"
|
|
],
|
|
"commit_sha": "4a4007a1aaff25cd417853c76163883a7110e276",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0108",
|
|
"package": "ncurses",
|
|
"title": "Uninitialized memory exposure in string reading functions",
|
|
"date": "2025-10-21",
|
|
"patched_versions": [],
|
|
"commit_sha": "cbeb0465070dd7a07413f0465114f8cd43df4ecc",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0091",
|
|
"package": "unic-utils",
|
|
"title": "`unic-utils` is unmaintained",
|
|
"date": "2025-10-18",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0099",
|
|
"package": "unic-ucd-block",
|
|
"title": "`unic-ucd-block` is unmaintained",
|
|
"date": "2025-10-18",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0083",
|
|
"package": "unic-ucd-bidi",
|
|
"title": "`unic-ucd-bidi` is unmaintained",
|
|
"date": "2025-10-18",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0094",
|
|
"package": "unic-ucd-category",
|
|
"title": "`unic-ucd-category` is unmaintained",
|
|
"date": "2025-10-18",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0100",
|
|
"package": "unic-ucd-ident",
|
|
"title": "`unic-ucd-ident` is unmaintained",
|
|
"date": "2025-10-18",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0096",
|
|
"package": "unic-bidi",
|
|
"title": "`unic-bidi` is unmaintained",
|
|
"date": "2025-10-18",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0081",
|
|
"package": "unic-char-property",
|
|
"title": "`unic-char-property` is unmaintained",
|
|
"date": "2025-10-18",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0085",
|
|
"package": "unic-idna",
|
|
"title": "`unic-idna` is unmaintained",
|
|
"date": "2025-10-18",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0084",
|
|
"package": "unic-emoji",
|
|
"title": "`unic-emoji` is unmaintained",
|
|
"date": "2025-10-18",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0104",
|
|
"package": "unic-ucd-segment",
|
|
"title": "`unic-ucd-segment` is unmaintained",
|
|
"date": "2025-10-18",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0082",
|
|
"package": "unic-normal",
|
|
"title": "`unic-normal` is unmaintained",
|
|
"date": "2025-10-18",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0077",
|
|
"package": "unic-ucd",
|
|
"title": "`unic-ucd` is unmaintained",
|
|
"date": "2025-10-18",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0075",
|
|
"package": "unic-char-range",
|
|
"title": "`unic-char-range` is unmaintained",
|
|
"date": "2025-10-18",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0097",
|
|
"package": "unic-idna-mapping",
|
|
"title": "`unic-idna-mapping` is unmaintained",
|
|
"date": "2025-10-18",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0086",
|
|
"package": "unic-char",
|
|
"title": "`unic-char` is unmaintained",
|
|
"date": "2025-10-18",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0088",
|
|
"package": "unic-idna-punycode",
|
|
"title": "`unic-idna-punycode` is unmaintained",
|
|
"date": "2025-10-18",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0101",
|
|
"package": "unic-ucd-common",
|
|
"title": "`unic-ucd-common` is unmaintained",
|
|
"date": "2025-10-18",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0076",
|
|
"package": "unic-ucd-name",
|
|
"title": "`unic-ucd-name` is unmaintained",
|
|
"date": "2025-10-18",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0089",
|
|
"package": "unic-ucd-name_aliases",
|
|
"title": "`unic-ucd-name_aliases` is unmaintained",
|
|
"date": "2025-10-18",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0102",
|
|
"package": "unic-ucd-age",
|
|
"title": "`unic-ucd-age` is unmaintained",
|
|
"date": "2025-10-18",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0080",
|
|
"package": "unic-common",
|
|
"title": "`unic-common` is unmaintained",
|
|
"date": "2025-10-18",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0087",
|
|
"package": "unic-cli",
|
|
"title": "`unic-cli` is unmaintained",
|
|
"date": "2025-10-18",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0095",
|
|
"package": "unic",
|
|
"title": "`unic` is unmaintained",
|
|
"date": "2025-10-18",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0098",
|
|
"package": "unic-ucd-version",
|
|
"title": "`unic-ucd-version` is unmaintained",
|
|
"date": "2025-10-18",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0074",
|
|
"package": "unic-segment",
|
|
"title": "`unic-segment` is unmaintained",
|
|
"date": "2025-10-18",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0079",
|
|
"package": "unic-ucd-hangul",
|
|
"title": "`unic-ucd-hangul` is unmaintained",
|
|
"date": "2025-10-18",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0126",
|
|
"package": "nftnl",
|
|
"title": "Heap-buffer-overflow in nftnl::Batch::with_page_size (nftnl-rs)",
|
|
"date": "2025-10-18",
|
|
"patched_versions": [
|
|
">= 0.9.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0092",
|
|
"package": "unic-ucd-case",
|
|
"title": "`unic-ucd-case` is unmaintained",
|
|
"date": "2025-10-18",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0103",
|
|
"package": "unic-ucd-core",
|
|
"title": "`unic-ucd-core` is unmaintained",
|
|
"date": "2025-10-18",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0090",
|
|
"package": "unic-emoji-char",
|
|
"title": "`unic-emoji-char` is unmaintained",
|
|
"date": "2025-10-18",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0093",
|
|
"package": "unic-char-basics",
|
|
"title": "`unic-char-basics` is unmaintained",
|
|
"date": "2025-10-18",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0142",
|
|
"package": "mnl",
|
|
"title": "Segmentation fault and invalid memory read in `mnl::cb_run`",
|
|
"date": "2025-10-18",
|
|
"patched_versions": [
|
|
">= 0.3.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0078",
|
|
"package": "unic-ucd-normal",
|
|
"title": "`unic-ucd-normal` is unmaintained",
|
|
"date": "2025-10-18",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0069",
|
|
"package": "daemonize",
|
|
"title": "`daemonize` is Unmaintained",
|
|
"date": "2025-09-14",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0067",
|
|
"package": "libyml",
|
|
"title": "`libyml::string::yaml_string_extend` is unsound and unmaintained",
|
|
"date": "2025-09-11",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0068",
|
|
"package": "serde_yml",
|
|
"title": "serde_yml crate is unsound and unmaintained",
|
|
"date": "2025-09-11",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0061",
|
|
"package": "iron",
|
|
"title": "iron crate is unmaintained",
|
|
"date": "2025-09-08",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0059",
|
|
"package": "servo-fontconfig",
|
|
"title": "servo-fontconfig crate is unmaintained",
|
|
"date": "2025-09-08",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0060",
|
|
"package": "crypto-hash",
|
|
"title": "crypto-hash crate is unmaintained",
|
|
"date": "2025-09-08",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0058",
|
|
"package": "custom_derive",
|
|
"title": "custom_derive crate is unmaintained",
|
|
"date": "2025-09-07",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0057",
|
|
"package": "fxhash",
|
|
"title": "fxhash - no longer maintained",
|
|
"date": "2025-09-05",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0049",
|
|
"package": "scratchpad",
|
|
"title": "User-defined implementations of the safe trait scratchpad::Tracking can cause heap buffer overflows",
|
|
"date": "2025-08-14",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0050",
|
|
"package": "id-map",
|
|
"title": "IdMap::from_iter may lead to uninitialized memory being freed on drop",
|
|
"date": "2025-08-14",
|
|
"patched_versions": [
|
|
">= 0.2.2"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0054",
|
|
"package": "array-queue",
|
|
"title": "ArrayQueue::push_front is not panic-safe",
|
|
"date": "2025-08-14",
|
|
"patched_versions": [
|
|
">=0.4.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0053",
|
|
"package": "arenavec",
|
|
"title": "Multiple memory corruption vulnerabilities in safe APIs",
|
|
"date": "2025-08-14",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0047",
|
|
"package": "slab",
|
|
"title": "Out-of-bounds access in `get_disjoint_mut` due to incorrect bounds check",
|
|
"date": "2025-08-12",
|
|
"patched_versions": [
|
|
">= 0.4.11"
|
|
],
|
|
"commit_sha": "2d65c514bc964b192bab212ddf3c1fcea4ae96b8",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0051",
|
|
"package": "xcb",
|
|
"title": "`xcb::Connection::connect_to_fd*` functions violate I/O safety",
|
|
"date": "2025-08-05",
|
|
"patched_versions": [
|
|
">= 1.6.0"
|
|
],
|
|
"commit_sha": "da830976870c1174e3b33eb0643177be3991c002",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0048",
|
|
"package": "tsify-next",
|
|
"title": "tsify-next is unmaintained, use tsify instead",
|
|
"date": "2025-07-29",
|
|
"patched_versions": [],
|
|
"commit_sha": "0b377ed27073b0be76c67a88dc9b3934122559c1",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0045",
|
|
"package": "static_cell",
|
|
"title": "ConstStaticCell could have been used to pass non-Send values to another thread",
|
|
"date": "2025-07-17",
|
|
"patched_versions": [
|
|
">= 2.1.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0042",
|
|
"package": "static-alloc",
|
|
"title": "Uninitialized read after allocating MemBump",
|
|
"date": "2025-07-11",
|
|
"patched_versions": [
|
|
">= 0.2.6"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0044",
|
|
"package": "slice-ring-buffer",
|
|
"title": "Four unique double-free vulnerabilities triggered via safe APIs",
|
|
"date": "2025-06-16",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0138",
|
|
"package": "deno",
|
|
"title": "--allow-read / --allow-write permission bypass in `node:sqlite`",
|
|
"date": "2025-06-03",
|
|
"patched_versions": [
|
|
">= 2.2.5"
|
|
],
|
|
"commit_sha": "31a97803995bd94629528ba841b2418d3ca01860",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0062",
|
|
"package": "toodee",
|
|
"title": "Heap Buffer Overflow in the DrainCol Destructor",
|
|
"date": "2025-05-22",
|
|
"patched_versions": [
|
|
">= 0.6.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0036",
|
|
"package": "surf",
|
|
"title": "surf is unmaintained",
|
|
"date": "2025-05-17",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0027",
|
|
"package": "mp3-metadata",
|
|
"title": "Panic in mp3-metadata due to the lack of bounds checking",
|
|
"date": "2025-04-28",
|
|
"patched_versions": [
|
|
">= 0.4.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0035",
|
|
"package": "macroquad",
|
|
"title": "Multiple soundness issues in `macroquad`",
|
|
"date": "2025-04-23",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0024",
|
|
"package": "crossbeam-channel",
|
|
"title": "crossbeam-channel: double free on Drop",
|
|
"date": "2025-04-08",
|
|
"patched_versions": [
|
|
">= 0.5.15"
|
|
],
|
|
"commit_sha": "596df785c0e6f00b1775bba1b5506d998fb94b63",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0023",
|
|
"package": "tokio",
|
|
"title": "Broadcast channel calls clone in parallel, but does not require `Sync`",
|
|
"date": "2025-04-07",
|
|
"patched_versions": [
|
|
">= 1.38.2, < 1.39.0",
|
|
">= 1.42.1, < 1.43.0",
|
|
">= 1.43.1, < 1.44.0",
|
|
">= 1.44.2"
|
|
],
|
|
"commit_sha": "aa303bc2051f7c21b48bb7bfcafe8fd4f39afd21",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0022",
|
|
"package": "openssl",
|
|
"title": "Use-After-Free in `Md::fetch` and `Cipher::fetch`",
|
|
"date": "2025-04-04",
|
|
"patched_versions": [
|
|
">= 0.10.72"
|
|
],
|
|
"commit_sha": "87085bd67896b7f92e6de35d081f607a334beae4",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0020",
|
|
"package": "pyo3",
|
|
"title": "Risk of buffer overflow in `PyString::from_object`",
|
|
"date": "2025-04-01",
|
|
"patched_versions": [
|
|
">= 0.24.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0019",
|
|
"package": "array-init-cursor",
|
|
"title": "`array-init-cursor` in version 0.2.0 and below is unsound when used with types that implement `Drop`",
|
|
"date": "2025-03-27",
|
|
"patched_versions": [
|
|
">= 0.2.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0033",
|
|
"package": "scanner",
|
|
"title": "Public API without sufficient bounds checking",
|
|
"date": "2025-03-27",
|
|
"patched_versions": [],
|
|
"commit_sha": "20e260a42a8279aac5bccdcaa56daefc20d852d3",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0018",
|
|
"package": "xmas-elf",
|
|
"title": "Potential out-of-bounds read with a malformed ELF file and the HashTable API.",
|
|
"date": "2025-03-26",
|
|
"patched_versions": [
|
|
">=0.10"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0017",
|
|
"package": "trust-dns-proto",
|
|
"title": "The `trust-dns` project has been rebranded to `hickory-dns`",
|
|
"date": "2025-03-23",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0016",
|
|
"package": "pared",
|
|
"title": "Use after free in `Parc` and `Prc` due to missing lifetime constraints",
|
|
"date": "2025-03-13",
|
|
"patched_versions": [
|
|
">= 0.4.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0014",
|
|
"package": "humantime",
|
|
"title": "humantime is unmaintained",
|
|
"date": "2025-03-08",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0012",
|
|
"package": "backoff",
|
|
"title": "`backoff` is unmaintained.",
|
|
"date": "2025-03-04",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0008",
|
|
"package": "openh264-sys2",
|
|
"title": "Openh264 Decoding Functions Heap Overflow Vulnerability",
|
|
"date": "2025-02-24",
|
|
"patched_versions": [
|
|
">=0.8.0"
|
|
],
|
|
"commit_sha": "63db555e30986e3a5f07871368dc90ae78c27449",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0015",
|
|
"package": "web-push",
|
|
"title": "Denial of Service via malicious Web Push endpoint",
|
|
"date": "2025-02-16",
|
|
"patched_versions": [
|
|
">= 0.10.3"
|
|
],
|
|
"commit_sha": "8447ed86bf3f24629abd7022b94104bf3cd64453",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0004",
|
|
"package": "openssl",
|
|
"title": "ssl::select_next_proto use after free",
|
|
"date": "2025-02-02",
|
|
"patched_versions": [
|
|
">= 0.10.70"
|
|
],
|
|
"commit_sha": "f014afb230de4d77bc79dea60e7e58c2f47b60f2",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0040",
|
|
"package": "users",
|
|
"title": "`root` appended to group listings",
|
|
"date": "2025-01-15",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0003",
|
|
"package": "fast-float",
|
|
"title": "Segmentation fault due to lack of bound check",
|
|
"date": "2025-01-13",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0002",
|
|
"package": "fast-float2",
|
|
"title": "Segmentation fault due to lack of bound check",
|
|
"date": "2025-01-13",
|
|
"patched_versions": [
|
|
">=0.2.2"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2025-0026",
|
|
"package": "registry",
|
|
"title": "registry is unmaintained",
|
|
"date": "2025-01-13",
|
|
"patched_versions": [],
|
|
"commit_sha": "41dc296c786e5943d3238535e45e1df60b258050",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0430",
|
|
"package": "magic-crypt",
|
|
"title": "Use of insecure cryptographic algorithms",
|
|
"date": "2024-12-28",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0431",
|
|
"package": "xous",
|
|
"title": "Unsound usages of `core::slice::from_raw_parts`",
|
|
"date": "2024-12-23",
|
|
"patched_versions": [
|
|
">= 0.9.51"
|
|
],
|
|
"commit_sha": "3e051fa39e456e3981996e5cbe88f51b8bd68d76",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0424",
|
|
"package": "libafl",
|
|
"title": "Unsound usages of `core::slice::from_raw_parts_mut`",
|
|
"date": "2024-12-19",
|
|
"patched_versions": [
|
|
">= 0.11.2"
|
|
],
|
|
"commit_sha": "f70a16a09a8096d3c50159dd8a912a75c2af157c",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0435",
|
|
"package": "fyrox-core",
|
|
"title": "Unsound usages of `Vec::from_raw_parts`",
|
|
"date": "2024-12-19",
|
|
"patched_versions": [
|
|
">= 0.36"
|
|
],
|
|
"commit_sha": "474e3b01a884366cdb7d704f7456ef692e992232",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0426",
|
|
"package": "spl-token-swap",
|
|
"title": "Unsound usages of `u8` type casting",
|
|
"date": "2024-12-19",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0437",
|
|
"package": "protobuf",
|
|
"title": "Crash due to uncontrolled recursion in protobuf crate",
|
|
"date": "2024-12-12",
|
|
"patched_versions": [
|
|
">= 3.7.2"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0423",
|
|
"package": "gtk-layer-shell-sys",
|
|
"title": "gtk-layer-shell-sys GTK3 bindings - no longer maintained",
|
|
"date": "2024-12-09",
|
|
"patched_versions": [],
|
|
"commit_sha": "094c356273f209e04bf481fb404dc17990ae76e0",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0422",
|
|
"package": "gtk-layer-shell",
|
|
"title": "gtk-layer-shell GTK3 bindings - no longer maintained",
|
|
"date": "2024-12-09",
|
|
"patched_versions": [],
|
|
"commit_sha": "094c356273f209e04bf481fb404dc17990ae76e0",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0428",
|
|
"package": "kvm-ioctls",
|
|
"title": "Undefined behaviour in `kvm_ioctls::ioctls::vm::VmFd::create_device`",
|
|
"date": "2024-12-05",
|
|
"patched_versions": [
|
|
">= 0.19.1"
|
|
],
|
|
"commit_sha": "ade910b953771f59c1c7d0622087ac44b49bf13c",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0409",
|
|
"package": "pyo3",
|
|
"title": "Build corruption when using `PYO3_CONFIG_FILE` environment variable",
|
|
"date": "2024-12-04",
|
|
"patched_versions": [
|
|
">= 0.23.3"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0408",
|
|
"package": "pprof",
|
|
"title": "Unsound usages of `std::slice::from_raw_parts`",
|
|
"date": "2024-12-04",
|
|
"patched_versions": [
|
|
">= 0.14.0"
|
|
],
|
|
"commit_sha": "b1d02fda496d836d755b7d9fb85831aca5c64be2",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0400",
|
|
"package": "ruzstd",
|
|
"title": "`ruzstd` uninit and out-of-bounds memory reads",
|
|
"date": "2024-11-28",
|
|
"patched_versions": [
|
|
">= 0.7.3"
|
|
],
|
|
"commit_sha": "db68f68c1a83cdb33e12a66a23b5adec240db6bf",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0399",
|
|
"package": "rustls",
|
|
"title": "rustls network-reachable panic in `Acceptor::accept`",
|
|
"date": "2024-11-22",
|
|
"patched_versions": [
|
|
">= 0.23.18"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0445",
|
|
"package": "cap-primitives",
|
|
"title": "cap-primitives doesn't fully sandbox all the Windows device filenames",
|
|
"date": "2024-11-05",
|
|
"patched_versions": [
|
|
">= 3.4.1"
|
|
],
|
|
"commit_sha": "dcc3818039761331fbeacbb3a40c542b65b5ebf7",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0379",
|
|
"package": "fast-float",
|
|
"title": "Multiple soundness issues",
|
|
"date": "2024-10-31",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0378",
|
|
"package": "pyo3",
|
|
"title": "Risk of use-after-free in `borrowed` reads from Python weak references",
|
|
"date": "2024-10-12",
|
|
"patched_versions": [
|
|
">= 0.22.4"
|
|
],
|
|
"commit_sha": "10cd042e03a2c6e83ff67c91b9bcb6395e200d48",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0402",
|
|
"package": "hashbrown",
|
|
"title": "Borsh serialization of HashMap is non-canonical",
|
|
"date": "2024-10-11",
|
|
"patched_versions": [
|
|
">= 0.15.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0377",
|
|
"package": "dbn",
|
|
"title": "Heap Buffer overflow using c_chars_to_str function",
|
|
"date": "2024-10-07",
|
|
"patched_versions": [
|
|
"> 0.22.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0375",
|
|
"package": "atty",
|
|
"title": "`atty` is unmaintained",
|
|
"date": "2024-09-25",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0374",
|
|
"package": "ouch",
|
|
"title": "Segmentation fault due to use of uninitialized memory",
|
|
"date": "2024-09-22",
|
|
"patched_versions": [
|
|
">0.3.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0427",
|
|
"package": "get-size-derive",
|
|
"title": "get-size-derive is unmaintained",
|
|
"date": "2024-09-15",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0425",
|
|
"package": "get-size",
|
|
"title": "get-size is unmaintained",
|
|
"date": "2024-09-15",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0404",
|
|
"package": "anstream",
|
|
"title": "Unsoundness in anstream",
|
|
"date": "2024-09-08",
|
|
"patched_versions": [
|
|
">= 0.6.8"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0443",
|
|
"package": "webp",
|
|
"title": "webp crate may expose memory contents when encoding an image",
|
|
"date": "2024-09-06",
|
|
"patched_versions": [
|
|
">= 0.3.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0372",
|
|
"package": "ic-cdk",
|
|
"title": "Memory leak when calling a canister method via `ic_cdk::call`",
|
|
"date": "2024-09-05",
|
|
"patched_versions": [
|
|
"^0.8.2",
|
|
"^0.9.3",
|
|
"^0.10.1",
|
|
"^0.11.6",
|
|
"^0.12.2",
|
|
"^0.13.5",
|
|
"^0.14.1",
|
|
"^0.15.1",
|
|
">= 0.16.0"
|
|
],
|
|
"commit_sha": "bd17d57a7b8ca59665fea5fad6143ca02724d03b",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0386",
|
|
"package": "strason",
|
|
"title": "strason is unmaintained",
|
|
"date": "2024-09-04",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0383",
|
|
"package": "bcc",
|
|
"title": "bcc is unmaintained",
|
|
"date": "2024-09-04",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0384",
|
|
"package": "instant",
|
|
"title": "`instant` is unmaintained",
|
|
"date": "2024-09-01",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0385",
|
|
"package": "cw0",
|
|
"title": "`cw0` is unmaintained",
|
|
"date": "2024-08-26",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0365",
|
|
"package": "diesel",
|
|
"title": "Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts",
|
|
"date": "2024-08-23",
|
|
"patched_versions": [
|
|
">= 2.2.3"
|
|
],
|
|
"commit_sha": "9eccd7d6d705ac53618bfd478152e32ec3b4536c",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0364",
|
|
"package": "gitoxide-core",
|
|
"title": "gitoxide-core does not neutralize special characters for terminals",
|
|
"date": "2024-08-22",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0363",
|
|
"package": "sqlx",
|
|
"title": "Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts",
|
|
"date": "2024-08-15",
|
|
"patched_versions": [
|
|
">= 0.8.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0390",
|
|
"package": "minitrace",
|
|
"title": "minitrace is Unmaintained",
|
|
"date": "2024-08-14",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0444",
|
|
"package": "boa_engine",
|
|
"title": "Uncaught exception when transitioning the state of `AsyncGenerator` objects from within a property getter of `then`",
|
|
"date": "2024-08-14",
|
|
"patched_versions": [
|
|
">= 0.19"
|
|
],
|
|
"commit_sha": "69ea2f52ed976934bff588d6b566bae01be313f7",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0362",
|
|
"package": "alloy-json-abi",
|
|
"title": "Stack overflow when parsing specially crafted JSON ABI strings",
|
|
"date": "2024-07-30",
|
|
"patched_versions": [
|
|
">= 0.7.7"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0360",
|
|
"package": "xmp_toolkit",
|
|
"title": "`XmpFile::close` can trigger UB",
|
|
"date": "2024-07-26",
|
|
"patched_versions": [
|
|
">= 1.9.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0359",
|
|
"package": "gix-attributes",
|
|
"title": "The kstring integration in gix-attributes is unsound",
|
|
"date": "2024-07-24",
|
|
"patched_versions": [
|
|
">= 0.22.3"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0358",
|
|
"package": "object_store",
|
|
"title": "Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files",
|
|
"date": "2024-07-23",
|
|
"patched_versions": [
|
|
">= 0.10.2"
|
|
],
|
|
"commit_sha": "4978e32654235f569062f2cad6c7361e410f1254",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0357",
|
|
"package": "openssl",
|
|
"title": "`MemBio::get_buf` has undefined behavior with empty buffers",
|
|
"date": "2024-07-21",
|
|
"patched_versions": [
|
|
">= 0.10.66"
|
|
],
|
|
"commit_sha": "aef36e0f3950653148d6644309ee41ccf16e02bb",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0392",
|
|
"package": "cggmp21-keygen",
|
|
"title": "Ambiguous challenge derivation",
|
|
"date": "2024-07-18",
|
|
"patched_versions": [
|
|
">= 0.3.0"
|
|
],
|
|
"commit_sha": "9b458cd57238146e471b89d577e5b35995b20e51",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0391",
|
|
"package": "paillier-zk",
|
|
"title": "Ambiguous challenge derivation",
|
|
"date": "2024-07-18",
|
|
"patched_versions": [
|
|
">= 0.4.0"
|
|
],
|
|
"commit_sha": "06e2159e2756fa6048be90d549e9a6938ef7a26e",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0393",
|
|
"package": "cggmp21",
|
|
"title": "Ambiguous challenge derivation",
|
|
"date": "2024-07-18",
|
|
"patched_versions": [
|
|
">= 0.4.0"
|
|
],
|
|
"commit_sha": "9b458cd57238146e471b89d577e5b35995b20e51",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0403",
|
|
"package": "js-sandbox",
|
|
"title": "op_panic in the base runtime can force a panic in the runtime's containing thread",
|
|
"date": "2024-07-18",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0405",
|
|
"package": "rustyscript",
|
|
"title": "op_panic in the base runtime can force a panic in the runtime's containing thread",
|
|
"date": "2024-07-18",
|
|
"patched_versions": [
|
|
">= 0.6.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0442",
|
|
"package": "wasmtime-jit-debug",
|
|
"title": "Dump Undefined Memory by `JitDumpFile`",
|
|
"date": "2024-07-06",
|
|
"patched_versions": [
|
|
">= 24.0.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0387",
|
|
"package": "opentelemetry_api",
|
|
"title": "`opentelemetry_api` has been merged into the `opentelemetry` crate",
|
|
"date": "2024-07-03",
|
|
"patched_versions": [],
|
|
"commit_sha": "42e58fc356aea17811391e7127a07acd1d6720db",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0389",
|
|
"package": "openslide",
|
|
"title": "`openslide` is unmaintained",
|
|
"date": "2024-07-03",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0388",
|
|
"package": "derivative",
|
|
"title": "`derivative` is unmaintained; consider using an alternative",
|
|
"date": "2024-06-26",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0395",
|
|
"package": "chrono-english",
|
|
"title": "The maintainer of chrono-english is unresponsive",
|
|
"date": "2024-06-24",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0344",
|
|
"package": "curve25519-dalek",
|
|
"title": "Timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`",
|
|
"date": "2024-06-18",
|
|
"patched_versions": [
|
|
">= 4.1.3"
|
|
],
|
|
"commit_sha": "415892acf1cdf9161bd6a4c99bc2f4cb8fae5e6a",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0406",
|
|
"package": "ic-stable-structures",
|
|
"title": "BTreeMap memory leak when deallocating nodes with overflows",
|
|
"date": "2024-05-17",
|
|
"patched_versions": [
|
|
">= 0.6.4"
|
|
],
|
|
"commit_sha": "4f6b8ae521884833498bae26369c353c10f28ea7",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0337",
|
|
"package": "zip_next",
|
|
"title": "The crate `zip_next` has been renamed to `zip`.",
|
|
"date": "2024-04-20",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0334",
|
|
"package": "libp2p-tokio-socks5",
|
|
"title": "`libp2p-tokio-socks5` is unmaintained",
|
|
"date": "2024-04-05",
|
|
"patched_versions": [],
|
|
"commit_sha": "e1fdc92ca69ffd254824ab80fbad5660f4aac911",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0331",
|
|
"package": "puccinier",
|
|
"title": "Puccinier is unmainted.",
|
|
"date": "2024-03-31",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0429",
|
|
"package": "glib",
|
|
"title": "Unsoundness in `Iterator` and `DoubleEndedIterator` impls for `glib::VariantStrIter`",
|
|
"date": "2024-03-30",
|
|
"patched_versions": [
|
|
">=0.20.0"
|
|
],
|
|
"commit_sha": "05dff0ee696f9bcd8617cd48c4b812d046d440cb",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0320",
|
|
"package": "yaml-rust",
|
|
"title": "yaml-rust is unmaintained.",
|
|
"date": "2024-03-20",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0407",
|
|
"package": "linkme",
|
|
"title": "Fails to ensure slice elements match the slice's declared type",
|
|
"date": "2024-03-05",
|
|
"patched_versions": [
|
|
">= 0.3.24"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0021",
|
|
"package": "eyre",
|
|
"title": "Parts of Report are dropped as the wrong type during downcast",
|
|
"date": "2024-03-05",
|
|
"patched_versions": [
|
|
">= 0.6.12"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0417",
|
|
"package": "gdkx11",
|
|
"title": "gtk-rs GTK3 bindings - no longer maintained",
|
|
"date": "2024-03-04",
|
|
"patched_versions": [],
|
|
"commit_sha": "508a69b63a3c5bf73790e0e59101a955847f30d6",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0418",
|
|
"package": "gdk-sys",
|
|
"title": "gtk-rs GTK3 bindings - no longer maintained",
|
|
"date": "2024-03-04",
|
|
"patched_versions": [],
|
|
"commit_sha": "508a69b63a3c5bf73790e0e59101a955847f30d6",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0412",
|
|
"package": "gdk",
|
|
"title": "gtk-rs GTK3 bindings - no longer maintained",
|
|
"date": "2024-03-04",
|
|
"patched_versions": [],
|
|
"commit_sha": "508a69b63a3c5bf73790e0e59101a955847f30d6",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0415",
|
|
"package": "gtk",
|
|
"title": "gtk-rs GTK3 bindings - no longer maintained",
|
|
"date": "2024-03-04",
|
|
"patched_versions": [],
|
|
"commit_sha": "508a69b63a3c5bf73790e0e59101a955847f30d6",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0420",
|
|
"package": "gtk-sys",
|
|
"title": "gtk-rs GTK3 bindings - no longer maintained",
|
|
"date": "2024-03-04",
|
|
"patched_versions": [],
|
|
"commit_sha": "508a69b63a3c5bf73790e0e59101a955847f30d6",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0410",
|
|
"package": "gdkwayland",
|
|
"title": "gtk-rs GTK3 bindings - no longer maintained",
|
|
"date": "2024-03-04",
|
|
"patched_versions": [],
|
|
"commit_sha": "508a69b63a3c5bf73790e0e59101a955847f30d6",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0413",
|
|
"package": "atk",
|
|
"title": "gtk-rs GTK3 bindings - no longer maintained",
|
|
"date": "2024-03-04",
|
|
"patched_versions": [],
|
|
"commit_sha": "508a69b63a3c5bf73790e0e59101a955847f30d6",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0419",
|
|
"package": "gtk3-macros",
|
|
"title": "gtk-rs GTK3 bindings - no longer maintained",
|
|
"date": "2024-03-04",
|
|
"patched_versions": [],
|
|
"commit_sha": "508a69b63a3c5bf73790e0e59101a955847f30d6",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0414",
|
|
"package": "gdkx11-sys",
|
|
"title": "gtk-rs GTK3 bindings - no longer maintained",
|
|
"date": "2024-03-04",
|
|
"patched_versions": [],
|
|
"commit_sha": "508a69b63a3c5bf73790e0e59101a955847f30d6",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0411",
|
|
"package": "gdkwayland-sys",
|
|
"title": "gtk-rs GTK3 bindings - no longer maintained",
|
|
"date": "2024-03-04",
|
|
"patched_versions": [],
|
|
"commit_sha": "508a69b63a3c5bf73790e0e59101a955847f30d6",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0416",
|
|
"package": "atk-sys",
|
|
"title": "gtk-rs GTK3 bindings - no longer maintained",
|
|
"date": "2024-03-04",
|
|
"patched_versions": [],
|
|
"commit_sha": "508a69b63a3c5bf73790e0e59101a955847f30d6",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0020",
|
|
"package": "whoami",
|
|
"title": "Stack buffer overflow with whoami on several Unix platforms",
|
|
"date": "2024-02-28",
|
|
"patched_versions": [
|
|
">= 1.5.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0018",
|
|
"package": "crayon",
|
|
"title": "ObjectPool creates uninitialized memory when freeing objects",
|
|
"date": "2024-02-27",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0014",
|
|
"package": "generational-arena",
|
|
"title": "`generational-arena` is unmaintained",
|
|
"date": "2024-02-11",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0013",
|
|
"package": "libgit2-sys",
|
|
"title": "Memory corruption, denial of service, and arbitrary code execution in libgit2",
|
|
"date": "2024-02-06",
|
|
"patched_versions": [
|
|
">= 0.16.2"
|
|
],
|
|
"commit_sha": "9e57876be78924c1e5f3f268bb599e3981fe58bb",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0010",
|
|
"package": "svix",
|
|
"title": "Improper comparison of different-length signatures",
|
|
"date": "2024-02-06",
|
|
"patched_versions": [
|
|
">= 1.17.0"
|
|
],
|
|
"commit_sha": "958821bd3b956d1436af65f70a0964d4ffb7daf6",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0396",
|
|
"package": "conrod_core",
|
|
"title": "`conrod_core` is unmaintained",
|
|
"date": "2024-01-26",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0015",
|
|
"package": "filesystem",
|
|
"title": "filesystem-rs may be implicitly unmaintained",
|
|
"date": "2024-01-25",
|
|
"patched_versions": [],
|
|
"commit_sha": "895c59a81f85009fca8a5e9e8e727d4642f3adbc",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0004",
|
|
"package": "cosmwasm",
|
|
"title": "`cosmwasm` is unmaintained",
|
|
"date": "2024-01-20",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0007",
|
|
"package": "rust-i18n-support",
|
|
"title": "Use-after-free when setting the locale",
|
|
"date": "2024-01-19",
|
|
"patched_versions": [
|
|
">= 3.0.1"
|
|
],
|
|
"commit_sha": "22e0609591a2c08930f52a0e6bc860f02a0e88c0",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0001",
|
|
"package": "ferris-says",
|
|
"title": "Unsound use of str::from_utf8_unchecked on bytes which are not UTF-8",
|
|
"date": "2024-01-13",
|
|
"patched_versions": [
|
|
">= 0.3.1"
|
|
],
|
|
"commit_sha": "bb661f29e0d88968c495a4ea4dc63ff0e2c2c11a",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2024-0005",
|
|
"package": "threadalone",
|
|
"title": "Unsound sending of non-Send types across threads",
|
|
"date": "2024-01-07",
|
|
"patched_versions": [
|
|
">= 0.2.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0075",
|
|
"package": "unsafe-libyaml",
|
|
"title": "Unaligned write of u64 on 32-bit and 16-bit platforms",
|
|
"date": "2023-12-20",
|
|
"patched_versions": [
|
|
">= 0.2.10"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0080",
|
|
"package": "transpose",
|
|
"title": "Buffer overflow due to integer overflow in `transpose`",
|
|
"date": "2023-12-18",
|
|
"patched_versions": [
|
|
">= 0.2.3"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0074",
|
|
"package": "zerocopy",
|
|
"title": "Some Ref methods are unsound with some type parameters",
|
|
"date": "2023-12-14",
|
|
"patched_versions": [
|
|
">= 0.2.9, < 0.3.0",
|
|
">= 0.3.2, < 0.4.0",
|
|
">= 0.4.1, < 0.5.0",
|
|
">= 0.5.2, < 0.6.0",
|
|
">= 0.6.6, < 0.7.0",
|
|
">= 0.7.31"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0073",
|
|
"package": "candid",
|
|
"title": "Infinite decoding loop through specially crafted payload",
|
|
"date": "2023-12-08",
|
|
"patched_versions": [
|
|
">= 0.9.10"
|
|
],
|
|
"commit_sha": "b233dbc2d2bcc79c9fc574dd5968269df680b073",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0079",
|
|
"package": "pqc_kyber",
|
|
"title": "KyberSlash: division timings depending on secrets",
|
|
"date": "2023-12-01",
|
|
"patched_versions": [],
|
|
"commit_sha": "b5c6ad13f4eece80e59c6ebeafd787ba1519f5f6",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0072",
|
|
"package": "openssl",
|
|
"title": "`openssl` `X509StoreRef::objects` is unsound",
|
|
"date": "2023-11-23",
|
|
"patched_versions": [
|
|
">= 0.10.60"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0071",
|
|
"package": "rsa",
|
|
"title": "Marvin Attack: potential key recovery through timing sidechannels",
|
|
"date": "2023-11-22",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0076",
|
|
"package": "cpython",
|
|
"title": "`cpython` is unmaintained",
|
|
"date": "2023-11-14",
|
|
"patched_versions": [],
|
|
"commit_sha": "e815555629e557be084813045ca1ddebc2f76ef9",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0088",
|
|
"package": "loopdev",
|
|
"title": "`loopdev` crate is unmaintained; use 'loopdev-3` instead.",
|
|
"date": "2023-11-13",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0070",
|
|
"package": "self_cell",
|
|
"title": "Insufficient covariance check makes self_cell unsound",
|
|
"date": "2023-11-10",
|
|
"patched_versions": [
|
|
">= 0.10.3, < 1.0.0",
|
|
">= 1.0.2"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0077",
|
|
"package": "rosenpass",
|
|
"title": "Remotely exploitable DoS condition in Rosenpass <=0.2.0",
|
|
"date": "2023-11-04",
|
|
"patched_versions": [
|
|
">= 0.2.1"
|
|
],
|
|
"commit_sha": "93439858d1c44294a7b377f775c4fc897a370bb2",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0094",
|
|
"package": "martin-mbtiles",
|
|
"title": "`martin-mbtiles` has been renamed to `mbtiles`",
|
|
"date": "2023-10-30",
|
|
"patched_versions": [],
|
|
"commit_sha": "8a8814e7cc97d44f4d194586b3e9deb904c99488",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0078",
|
|
"package": "tracing",
|
|
"title": "Potential stack use-after-free in `Instrumented::into_inner`",
|
|
"date": "2023-10-19",
|
|
"patched_versions": [
|
|
">= 0.1.40"
|
|
],
|
|
"commit_sha": "82a22ee4cc4aeca2c3c1537e4115521c4a7c3c31",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0068",
|
|
"package": "cocoon",
|
|
"title": "Sequential calls of encryption API (`encrypt`, `wrap`, and `dump`) result in nonce reuse",
|
|
"date": "2023-10-15",
|
|
"patched_versions": [
|
|
">= 0.4.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0087",
|
|
"package": "simd-json-derive",
|
|
"title": "`MaybeUninit` misuse in `simd-json-derive`",
|
|
"date": "2023-10-14",
|
|
"patched_versions": [
|
|
">= 0.12.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0067",
|
|
"package": "fehler",
|
|
"title": "`fehler` is unmaintained; use `culpa` instead",
|
|
"date": "2023-10-12",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0065",
|
|
"package": "tungstenite",
|
|
"title": "Tungstenite allows remote attackers to cause a denial of service",
|
|
"date": "2023-09-25",
|
|
"patched_versions": [
|
|
">= 0.20.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0064",
|
|
"package": "gix-transport",
|
|
"title": "gix-transport code execution vulnerability",
|
|
"date": "2023-09-23",
|
|
"patched_versions": [
|
|
">= 0.36.1"
|
|
],
|
|
"commit_sha": "c53bbd265005c7eedc316205b217e137e2b9896e",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0063",
|
|
"package": "quinn-proto",
|
|
"title": "Denial of service in Quinn servers",
|
|
"date": "2023-09-21",
|
|
"patched_versions": [
|
|
"^0.9.5",
|
|
">= 0.10.5"
|
|
],
|
|
"commit_sha": "f81c2fafa7381a826c76506126b217c584082177",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0085",
|
|
"package": "hpack",
|
|
"title": "HPACK decoder panics on invalid input",
|
|
"date": "2023-09-15",
|
|
"patched_versions": [],
|
|
"commit_sha": "d669282924a95311599e9e7dd53869ee96b3a2f5",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0084",
|
|
"package": "hpack",
|
|
"title": "`hpack` is unmaintained",
|
|
"date": "2023-09-15",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0062",
|
|
"package": "bcder",
|
|
"title": "BER/CER/DER decoder panics on invalid input",
|
|
"date": "2023-09-13",
|
|
"patched_versions": [
|
|
">= 0.7.3"
|
|
],
|
|
"commit_sha": "4da91c3fd853e3d466d8581cf1d82b7f3255de56",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0059",
|
|
"package": "users",
|
|
"title": "Unaligned read of `*const *const c_char` pointer",
|
|
"date": "2023-09-10",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0057",
|
|
"package": "inventory",
|
|
"title": "Fails to prohibit standard library access prior to initialization of Rust standard library runtime",
|
|
"date": "2023-09-10",
|
|
"patched_versions": [
|
|
">= 0.2.0"
|
|
],
|
|
"commit_sha": "b499293ff75e4f65e8cdcb50280a9247d8df814a",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0058",
|
|
"package": "inventory",
|
|
"title": "Exposes reference to non-Sync data to an arbitrary thread",
|
|
"date": "2023-09-10",
|
|
"patched_versions": [
|
|
">= 0.2.0"
|
|
],
|
|
"commit_sha": "762b5ce107a9f0d80121e614cad2d33c89c88584",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0055",
|
|
"package": "lexical",
|
|
"title": "Multiple soundness issues",
|
|
"date": "2023-09-03",
|
|
"patched_versions": [
|
|
">= 7.0.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0086",
|
|
"package": "lexical-core",
|
|
"title": "Multiple soundness issues",
|
|
"date": "2023-09-03",
|
|
"patched_versions": [
|
|
">= 1.0.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0056",
|
|
"package": "vm-memory",
|
|
"title": "Default functions in VolatileMemory trait lack bounds checks, potentially leading to out-of-bounds memory accesses",
|
|
"date": "2023-09-01",
|
|
"patched_versions": [
|
|
">= 0.12.2"
|
|
],
|
|
"commit_sha": "aff1dd4a5259f7deba56692840f7a2d9ca34c9c8",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0049",
|
|
"package": "tui",
|
|
"title": "`tui` is unmaintained; use `ratatui` instead",
|
|
"date": "2023-08-07",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0095",
|
|
"package": "odoh-rs",
|
|
"title": "Invalid Slice Split Results in Server Panic",
|
|
"date": "2023-08-03",
|
|
"patched_versions": [
|
|
">= 1.0.2"
|
|
],
|
|
"commit_sha": "c1bc4ed71dcc9842b7dc1ea26f278f105074bbaa",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0051",
|
|
"package": "dlopen_derive",
|
|
"title": "`dlopen_derive` is unmaintained",
|
|
"date": "2023-07-30",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0048",
|
|
"package": "intaglio",
|
|
"title": "Unsoundness in `intern` methods on `intaglio` symbol interners",
|
|
"date": "2023-07-26",
|
|
"patched_versions": [
|
|
">= 1.9.0"
|
|
],
|
|
"commit_sha": "e2820d278a0a583a74c8fd5d662ab0a0b1892af7",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0089",
|
|
"package": "atomic-polyfill",
|
|
"title": "atomic-polyfill is unmaintained",
|
|
"date": "2023-07-11",
|
|
"patched_versions": [],
|
|
"commit_sha": "48e55c166684f37af0b00fbee5a0809b1a2bae8e",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0047",
|
|
"package": "lmdb-rs",
|
|
"title": "impl `FromMdbValue` for bool is unsound",
|
|
"date": "2023-06-26",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0045",
|
|
"package": "memoffset",
|
|
"title": "memoffset allows reading uninitialized memory",
|
|
"date": "2023-06-21",
|
|
"patched_versions": [
|
|
">= 0.6.2"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0044",
|
|
"package": "openssl",
|
|
"title": "`openssl` `X509VerifyParamRef::set_host` buffer over-read",
|
|
"date": "2023-06-20",
|
|
"patched_versions": [
|
|
">= 0.10.55"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0046",
|
|
"package": "cyfs-base",
|
|
"title": "Misaligned pointer dereference in `ChunkId::new`",
|
|
"date": "2023-06-15",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0042",
|
|
"package": "ouroboros",
|
|
"title": "Ouroboros is Unsound",
|
|
"date": "2023-06-11",
|
|
"patched_versions": [
|
|
">=0.16.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0040",
|
|
"package": "users",
|
|
"title": "`users` crate is unmaintained",
|
|
"date": "2023-06-01",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0041",
|
|
"package": "trust-dns-server",
|
|
"title": "Remote Attackers can cause Denial-of-Service (packet loops) with crafted DNS packets",
|
|
"date": "2023-06-01",
|
|
"patched_versions": [
|
|
"^0.22.1",
|
|
">=0.23.0-alpha.3"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0037",
|
|
"package": "xsalsa20poly1305",
|
|
"title": "crate has been renamed to `crypto_secretbox`",
|
|
"date": "2023-05-16",
|
|
"patched_versions": [],
|
|
"commit_sha": "277e3301eec9e02bf5c7fa4980d9894949c0dfcf",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0034",
|
|
"package": "h2",
|
|
"title": "Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)",
|
|
"date": "2023-04-14",
|
|
"patched_versions": [
|
|
">= 0.3.17"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0033",
|
|
"package": "borsh",
|
|
"title": "Parsing borsh messages with ZST which are not-copy/clone is unsound",
|
|
"date": "2023-04-12",
|
|
"patched_versions": [
|
|
">= 1.0.0-alpha.1",
|
|
"^0.10.4"
|
|
],
|
|
"commit_sha": "5cb85e4f718e945a61a7255573e46fd18828e0d0",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0036",
|
|
"package": "tree_magic",
|
|
"title": "tree_magic is Unmaintained",
|
|
"date": "2023-04-11",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0031",
|
|
"package": "spin",
|
|
"title": "Initialisation failure in `Once::try_call_once` can lead to undefined behaviour for other initialisers",
|
|
"date": "2023-03-31",
|
|
"patched_versions": [
|
|
">= 0.9.8"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0023",
|
|
"package": "openssl",
|
|
"title": "`openssl` `SubjectAlternativeName` and `ExtendedKeyUsage::other` allow arbitrary file read",
|
|
"date": "2023-03-24",
|
|
"patched_versions": [
|
|
">= 0.10.48"
|
|
],
|
|
"commit_sha": "5efceaabd69c540b487f6372be4982cf94884008",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0024",
|
|
"package": "openssl",
|
|
"title": "`openssl` `X509Extension::new` and `X509Extension::new_nid` null pointer dereference",
|
|
"date": "2023-03-24",
|
|
"patched_versions": [
|
|
">= 0.10.48"
|
|
],
|
|
"commit_sha": "5efceaabd69c540b487f6372be4982cf94884008",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0022",
|
|
"package": "openssl",
|
|
"title": "`openssl` `X509NameBuilder::build` returned object is not thread safe",
|
|
"date": "2023-03-24",
|
|
"patched_versions": [
|
|
">= 0.10.48"
|
|
],
|
|
"commit_sha": "5efceaabd69c540b487f6372be4982cf94884008",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0030",
|
|
"package": "versionize",
|
|
"title": "`Versionize::deserialize` implementation for `FamStructWrapper<T>` is lacking bound checks, potentially leading to out of bounds memory accesses",
|
|
"date": "2023-03-24",
|
|
"patched_versions": [
|
|
">= 0.1.10"
|
|
],
|
|
"commit_sha": "3385d797c5e5f547562d8d83fb49de69f917e1f2",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0027",
|
|
"package": "async-nats",
|
|
"title": "TLS certificate common name validation bypass",
|
|
"date": "2023-03-24",
|
|
"patched_versions": [
|
|
">= 0.29.0"
|
|
],
|
|
"commit_sha": "817a7b942c462fa9d9938dcb62124173634132fb",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0032",
|
|
"package": "ntru",
|
|
"title": "Unsound FFI: Wrong API usage causes write past allocated area",
|
|
"date": "2023-03-22",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0021",
|
|
"package": "stb_image",
|
|
"title": "NULL pointer dereference in `stb_image`",
|
|
"date": "2023-03-19",
|
|
"patched_versions": [
|
|
">= 0.2.5"
|
|
],
|
|
"commit_sha": "caf178c21f7e8b3268703f3cadc6b7e57a6275a5",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0025",
|
|
"package": "git-hash",
|
|
"title": "Gitoxide has renamed its crates.",
|
|
"date": "2023-03-14",
|
|
"patched_versions": [],
|
|
"commit_sha": "c9275b99ea43949306d93775d9d78c98fb86cfb1",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0026",
|
|
"package": "git-path",
|
|
"title": "Gitoxide has renamed its crates.",
|
|
"date": "2023-03-14",
|
|
"patched_versions": [],
|
|
"commit_sha": "c9275b99ea43949306d93775d9d78c98fb86cfb1",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0017",
|
|
"package": "maligned",
|
|
"title": "`maligned::align_first` causes incorrect deallocation",
|
|
"date": "2023-03-04",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0015",
|
|
"package": "ascii",
|
|
"title": "Ascii allows out-of-bounds array indexing in safe code",
|
|
"date": "2023-02-25",
|
|
"patched_versions": [
|
|
">= 0.9.3"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0018",
|
|
"package": "remove_dir_all",
|
|
"title": "Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU)",
|
|
"date": "2023-02-24",
|
|
"patched_versions": [
|
|
">= 0.8.0"
|
|
],
|
|
"commit_sha": "7247a8b6ee59fc99bbb69ca6b3ca4bfd8c809ead",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0016",
|
|
"package": "partial_sort",
|
|
"title": "Possible out-of-bounds read in release mode",
|
|
"date": "2023-02-20",
|
|
"patched_versions": [
|
|
">= 0.2.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0043",
|
|
"package": "ftp",
|
|
"title": "ftp is unmaintained, use suppaftp instead",
|
|
"date": "2023-02-20",
|
|
"patched_versions": [],
|
|
"commit_sha": "32259e8bf17cef75949857a958b4fe7a9c2af297",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0019",
|
|
"package": "kuchiki",
|
|
"title": "`kuchiki` is unmaintained",
|
|
"date": "2023-01-21",
|
|
"patched_versions": [],
|
|
"commit_sha": "f92e4c047fdc30619555da282ac7ccce1d313aa6",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0002",
|
|
"package": "git2",
|
|
"title": "git2 Rust package suppresses ssh host key checking",
|
|
"date": "2023-01-12",
|
|
"patched_versions": [
|
|
">= 0.16.0"
|
|
],
|
|
"commit_sha": "bce15556ef8fd7fb4f9c5122e78febbdb5b7f1ca",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0005",
|
|
"package": "tokio",
|
|
"title": "`tokio::io::ReadHalf<T>::unsplit` is Unsound",
|
|
"date": "2023-01-11",
|
|
"patched_versions": [
|
|
">= 1.18.5, < 1.19.0",
|
|
">= 1.20.4, < 1.21.0",
|
|
">= 1.24.2"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0004",
|
|
"package": "bzip2",
|
|
"title": "bzip2 Denial of Service (DoS)",
|
|
"date": "2023-01-09",
|
|
"patched_versions": [
|
|
">= 0.4.4"
|
|
],
|
|
"commit_sha": "90c9c182cd5a5ebc75810aebd89b347a7bdf590b",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2023-0001",
|
|
"package": "tokio",
|
|
"title": "reject_remote_clients Configuration corruption",
|
|
"date": "2023-01-04",
|
|
"patched_versions": [
|
|
">= 1.18.4, < 1.19.0",
|
|
">= 1.20.3, < 1.21.0",
|
|
">= 1.23.1"
|
|
],
|
|
"commit_sha": "9241c3eddf4a6a218681b088d71f7191513e2376",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0072",
|
|
"package": "hyper-staticfile",
|
|
"title": "Location header incorporates user input, allowing open redirect",
|
|
"date": "2022-12-23",
|
|
"patched_versions": [
|
|
"^0.9.4",
|
|
">= 0.10.0-alpha.5"
|
|
],
|
|
"commit_sha": "f12cadc6666c6f555d29725f5bc45da2103f24ea",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0073",
|
|
"package": "alloc-cortex-m",
|
|
"title": "crate has been renamed to `embedded-alloc`",
|
|
"date": "2022-12-21",
|
|
"patched_versions": [],
|
|
"commit_sha": "89cb8d50e6634130302cd444b3f547aed0fd32dc",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0077",
|
|
"package": "claim",
|
|
"title": "`claim` is Unmaintained",
|
|
"date": "2022-12-04",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0074",
|
|
"package": "prettytable-rs",
|
|
"title": "Force cast a &Vec<T> to &[T]",
|
|
"date": "2022-12-02",
|
|
"patched_versions": [
|
|
">= 0.10.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0070",
|
|
"package": "secp256k1",
|
|
"title": "Unsound API in `secp256k1` allows use-after-free and invalid deallocation from safe code",
|
|
"date": "2022-11-30",
|
|
"patched_versions": [
|
|
">= 0.22.2, < 0.23.0",
|
|
">= 0.23.5, < 0.24.0",
|
|
">= 0.24.2"
|
|
],
|
|
"commit_sha": "29c13638dc679db708fa466376650cb0bf758eff",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0069",
|
|
"package": "hyper-staticfile",
|
|
"title": "Improper validation of Windows paths could lead to directory traversal attack",
|
|
"date": "2022-11-30",
|
|
"patched_versions": [
|
|
"^0.9.2",
|
|
">= 0.10.0-alpha.2"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0080",
|
|
"package": "parity-util-mem",
|
|
"title": "parity-util-mem Unmaintained",
|
|
"date": "2022-11-30",
|
|
"patched_versions": [],
|
|
"commit_sha": "806ca48a95c06014e0fde74a1382dc128da62206",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0094",
|
|
"package": "mimalloc",
|
|
"title": "Mimalloc Can Allocate Memory with Bad Alignment",
|
|
"date": "2022-11-23",
|
|
"patched_versions": [
|
|
">= 0.1.39"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0075",
|
|
"package": "wasmtime",
|
|
"title": "Bug in pooling instance allocator",
|
|
"date": "2022-11-10",
|
|
"patched_versions": [
|
|
">= 1.0.2, < 2.0.0",
|
|
">= 2.0.2"
|
|
],
|
|
"commit_sha": "2614f2e9d2d36805ead8a8da0fa0c6e0d9e428a0",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0076",
|
|
"package": "wasmtime",
|
|
"title": "Bug in Wasmtime implementation of pooling instance allocator",
|
|
"date": "2022-11-10",
|
|
"patched_versions": [
|
|
">= 1.0.2, < 2.0.0",
|
|
">= 2.0.2"
|
|
],
|
|
"commit_sha": "e60c3742904ccbb3e26da201c9221c38a4981d72",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0079",
|
|
"package": "elf_rs",
|
|
"title": "ELF header parsing library doesn't check for valid offset",
|
|
"date": "2022-10-31",
|
|
"patched_versions": [
|
|
">= 0.3.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0083",
|
|
"package": "evm",
|
|
"title": "evm incorrect state transition",
|
|
"date": "2022-10-25",
|
|
"patched_versions": [
|
|
">= 0.36.0"
|
|
],
|
|
"commit_sha": "6534c1dd8ad77b53d05032f80e8a5f2de4d37fd2",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0062",
|
|
"package": "matrix-sdk",
|
|
"title": "matrix-sdk 0.6.0 logs access tokens",
|
|
"date": "2022-10-24",
|
|
"patched_versions": [
|
|
">= 0.6.2"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0067",
|
|
"package": "lzf",
|
|
"title": "Invalid use of `mem::uninitialized` causes `use-of-uninitialized-value`",
|
|
"date": "2022-10-22",
|
|
"patched_versions": [
|
|
">= 0.3.2"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0087",
|
|
"package": "slack-morphism",
|
|
"title": "Slack Webhooks secrets leak in debug logs",
|
|
"date": "2022-10-10",
|
|
"patched_versions": [
|
|
">= 1.3.2"
|
|
],
|
|
"commit_sha": "65ef9fac4f39c4e171e2952a6cf029bb0d059a89",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0061",
|
|
"package": "parity-wasm",
|
|
"title": "Crate `parity-wasm` deprecated by the author",
|
|
"date": "2022-10-01",
|
|
"patched_versions": [],
|
|
"commit_sha": "b760a74d4b533adb01c52fb5a91d59ab87587097",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0085",
|
|
"package": "matrix-sdk-crypto",
|
|
"title": "matrix-sdk Impersonation of room keys",
|
|
"date": "2022-09-29",
|
|
"patched_versions": [
|
|
">= 0.6.0"
|
|
],
|
|
"commit_sha": "093fb5d0aa21c0b5eaea6ec96b477f1075271cbb",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0091",
|
|
"package": "tauri",
|
|
"title": "`tauri` filesystem scope partial bypass",
|
|
"date": "2022-09-19",
|
|
"patched_versions": [
|
|
">= 1.0.7, < 1.1.0",
|
|
">= 1.1.2"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0055",
|
|
"package": "axum-core",
|
|
"title": "No default limit put on request bodies",
|
|
"date": "2022-08-31",
|
|
"patched_versions": [
|
|
">= 0.2.8, < 0.3.0-rc.1",
|
|
">= 0.3.0-rc.2"
|
|
],
|
|
"commit_sha": "759e9887473b2c6fee3cb5650b286a0a72215150",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0057",
|
|
"package": "badge",
|
|
"title": "badge is Unmaintained",
|
|
"date": "2022-08-31",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0052",
|
|
"package": "os_socketaddr",
|
|
"title": "`os_socketaddr` invalidly assumes the memory layout of std::net::SocketAddr",
|
|
"date": "2022-08-26",
|
|
"patched_versions": [
|
|
">= 0.2.2"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0051",
|
|
"package": "lz4-sys",
|
|
"title": "Memory corruption in liblz4",
|
|
"date": "2022-08-25",
|
|
"patched_versions": [
|
|
">= 1.9.4"
|
|
],
|
|
"commit_sha": "7a966c1511816b53ac93aa2f2a2ff97e036a4a60",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0053",
|
|
"package": "mapr",
|
|
"title": "mapr is Unmaintained",
|
|
"date": "2022-08-24",
|
|
"patched_versions": [],
|
|
"commit_sha": "f42031da81d0fd00d6f40030a64d53408012b971",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0049",
|
|
"package": "iana-time-zone",
|
|
"title": "Use after free in MacOS / iOS implementation",
|
|
"date": "2022-08-15",
|
|
"patched_versions": [
|
|
">= 0.1.45"
|
|
],
|
|
"commit_sha": "46ac3438179013e20d6da0706b421eb402cce48e",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0088",
|
|
"package": "tauri",
|
|
"title": "`tauri`'s `readDir` endpoint allows possible enumeration outside of filesystem scope",
|
|
"date": "2022-08-07",
|
|
"patched_versions": [
|
|
">= 1.0.6"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0050",
|
|
"package": "interledger-packet",
|
|
"title": "Interledger is Unmaintained",
|
|
"date": "2022-08-04",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0086",
|
|
"package": "slack-morphism",
|
|
"title": "Slack OAuth Secrets leak in debug logs",
|
|
"date": "2022-07-22",
|
|
"patched_versions": [
|
|
">= 0.41.0"
|
|
],
|
|
"commit_sha": "4923fb7d458ed28c0302244c54cb4df0acee7ee6",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0034",
|
|
"package": "pkcs11",
|
|
"title": "Safety issues in `pkcs11`",
|
|
"date": "2022-07-22",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0037",
|
|
"package": "async-graphql",
|
|
"title": "Denial of service on deeply nested fragment requests",
|
|
"date": "2022-07-21",
|
|
"patched_versions": [
|
|
">= 4.0.6"
|
|
],
|
|
"commit_sha": "521769b80039fc8043d1c9883e3d6e5b57359072",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0056",
|
|
"package": "clipboard",
|
|
"title": "clipboard is Unmaintained",
|
|
"date": "2022-06-25",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0029",
|
|
"package": "crossbeam",
|
|
"title": "`MsQueue` `push`/`pop` use the wrong orderings",
|
|
"date": "2022-06-07",
|
|
"patched_versions": [
|
|
">= 0.3.0"
|
|
],
|
|
"commit_sha": "bf1fb5627d67582a53ef712e8cb07fb9ebf878fa",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0028",
|
|
"package": "neon",
|
|
"title": "Use after free in Neon external buffers",
|
|
"date": "2022-05-22",
|
|
"patched_versions": [
|
|
">= 0.10.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0046",
|
|
"package": "rocksdb",
|
|
"title": "Out-of-bounds read when opening multiple column families with TTL",
|
|
"date": "2022-05-11",
|
|
"patched_versions": [
|
|
">= 0.19.0"
|
|
],
|
|
"commit_sha": "701d46198b847fdd8e2429c1cdea17cca665574b",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0024",
|
|
"package": "double-checked-cell",
|
|
"title": "double-checked-cell is unmaintained",
|
|
"date": "2022-05-11",
|
|
"patched_versions": [],
|
|
"commit_sha": "9cf94d75316ef441033ce4c80def7c1a8c7643fe",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0054",
|
|
"package": "wee_alloc",
|
|
"title": "wee_alloc is Unmaintained",
|
|
"date": "2022-05-11",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0023",
|
|
"package": "static_type_map",
|
|
"title": "`static_type_map` has been renamed to `erased_set`",
|
|
"date": "2022-05-11",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0019",
|
|
"package": "crossbeam-channel",
|
|
"title": "Channel creates zero value of any type",
|
|
"date": "2022-05-10",
|
|
"patched_versions": [
|
|
">= 0.4.3"
|
|
],
|
|
"commit_sha": "8903df8970454be368b00b867c668e53773df0eb",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0021",
|
|
"package": "crossbeam-queue",
|
|
"title": "`SegQueue` creates zero value of any type",
|
|
"date": "2022-05-10",
|
|
"patched_versions": [
|
|
">= 0.2.3"
|
|
],
|
|
"commit_sha": "8903df8970454be368b00b867c668e53773df0eb",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0020",
|
|
"package": "crossbeam",
|
|
"title": "`SegQueue` creates zero value of any type",
|
|
"date": "2022-05-10",
|
|
"patched_versions": [
|
|
">= 0.7.0"
|
|
],
|
|
"commit_sha": "8903df8970454be368b00b867c668e53773df0eb",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0022",
|
|
"package": "hyper",
|
|
"title": "Parser creates invalid uninitialized value",
|
|
"date": "2022-05-10",
|
|
"patched_versions": [
|
|
">= 0.14.12"
|
|
],
|
|
"commit_sha": "95a978344c29351e2e381af0a91772093e01e255",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0071",
|
|
"package": "rusoto_credential",
|
|
"title": "Rusoto is unmaintained",
|
|
"date": "2022-04-24",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0092",
|
|
"package": "rmp-serde",
|
|
"title": "`rmp-serde` `Raw` and `RawRef` unsound",
|
|
"date": "2022-04-13",
|
|
"patched_versions": [
|
|
">= 1.1.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0015",
|
|
"package": "pty",
|
|
"title": "pty is unmaintained",
|
|
"date": "2022-03-22",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0012",
|
|
"package": "arrow2",
|
|
"title": "Arrow2 allows double free in `safe` code",
|
|
"date": "2022-03-04",
|
|
"patched_versions": [
|
|
">= 0.7.1, < 0.8",
|
|
">= 0.8.2, < 0.9",
|
|
">= 0.9.2, < 0.10",
|
|
">= 0.10.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0041",
|
|
"package": "crossbeam-utils",
|
|
"title": "Unsoundness of AtomicCell<*64> arithmetics on 32-bit targets that support Atomic*64",
|
|
"date": "2022-02-05",
|
|
"patched_versions": [
|
|
">= 0.8.7"
|
|
],
|
|
"commit_sha": "924436cc71b5d7245631a0cf4f02ff536630a1fd",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0081",
|
|
"package": "json",
|
|
"title": "json is unmaintained",
|
|
"date": "2022-02-01",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0040",
|
|
"package": "owning_ref",
|
|
"title": "Multiple soundness issues in `owning_ref`",
|
|
"date": "2022-01-26",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0048",
|
|
"package": "xml-rs",
|
|
"title": "xml-rs is Unmaintained",
|
|
"date": "2022-01-26",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0007",
|
|
"package": "qcell",
|
|
"title": "A malicious coder can get unsound access to TCell or TLCell memory",
|
|
"date": "2022-01-24",
|
|
"patched_versions": [
|
|
">= 0.4.3"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0006",
|
|
"package": "thread_local",
|
|
"title": "Data race in `Iter` and `IterMut`",
|
|
"date": "2022-01-23",
|
|
"patched_versions": [
|
|
">= 1.1.4"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0005",
|
|
"package": "ftd2xx-embedded-hal",
|
|
"title": "crate has been renamed to `ftdi-embedded-hal`",
|
|
"date": "2022-01-22",
|
|
"patched_versions": [],
|
|
"commit_sha": "6a0ee4534f084fbfbb30ac06d14c21dde1f9d1f3",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0043",
|
|
"package": "tower-http",
|
|
"title": "Improper validation of Windows paths could lead to directory traversal attack",
|
|
"date": "2022-01-21",
|
|
"patched_versions": [
|
|
">= 0.2.1",
|
|
">= 0.1.3, < 0.2.0"
|
|
],
|
|
"commit_sha": "ec394e7e082ed315ab515eddddc4f958361939ef",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0003",
|
|
"package": "ammonia",
|
|
"title": "Space bug in `clean_text`",
|
|
"date": "2022-01-19",
|
|
"patched_versions": [
|
|
">= 3.1.3"
|
|
],
|
|
"commit_sha": "b2b4346a2f16f34bc3d5c6e4f202e3471464fee2",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0044",
|
|
"package": "markdown",
|
|
"title": "`markdown` (1.0.0 and higher) is maintained",
|
|
"date": "2022-01-17",
|
|
"patched_versions": [
|
|
">= 1.0.0-alpha.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0039",
|
|
"package": "odbc",
|
|
"title": "project abandoned",
|
|
"date": "2022-01-17",
|
|
"patched_versions": [],
|
|
"commit_sha": "f9e5f77fac0a6328f9759e6e0f9e10c16509aebb",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0036",
|
|
"package": "r2d2_odbc",
|
|
"title": "project abandoned",
|
|
"date": "2022-01-17",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0082",
|
|
"package": "warp",
|
|
"title": "Improper validation of Windows paths could lead to directory traversal attack",
|
|
"date": "2022-01-14",
|
|
"patched_versions": [
|
|
">= 0.3.3"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0002",
|
|
"package": "dashmap",
|
|
"title": "Unsoundness in `dashmap` references",
|
|
"date": "2022-01-10",
|
|
"patched_versions": [
|
|
">= 5.1.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2022-0008",
|
|
"package": "windows",
|
|
"title": "Delegate functions are missing `Send` bound",
|
|
"date": "2022-01-02",
|
|
"patched_versions": [
|
|
">= 0.32.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0134",
|
|
"package": "rental",
|
|
"title": "rental is unmaintained, author has moved on",
|
|
"date": "2021-12-27",
|
|
"patched_versions": [],
|
|
"commit_sha": "213671ab3aab3452efd7e2290c6bb714ee327014",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0141",
|
|
"package": "dotenv",
|
|
"title": "dotenv is Unmaintained",
|
|
"date": "2021-12-24",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0142",
|
|
"package": "dotenv_codegen",
|
|
"title": "dotenv is Unmaintained",
|
|
"date": "2021-12-24",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0130",
|
|
"package": "lru",
|
|
"title": "Use after free in lru crate",
|
|
"date": "2021-12-21",
|
|
"patched_versions": [
|
|
">= 0.7.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0131",
|
|
"package": "brotli-sys",
|
|
"title": "Integer overflow in the bundled Brotli C library",
|
|
"date": "2021-12-20",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0128",
|
|
"package": "rusqlite",
|
|
"title": "Incorrect Lifetime Bounds on Closures in `rusqlite`",
|
|
"date": "2021-12-07",
|
|
"patched_versions": [
|
|
">= 0.26.2",
|
|
"0.25.4"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0153",
|
|
"package": "encoding",
|
|
"title": "`encoding` is unmaintained",
|
|
"date": "2021-12-05",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0126",
|
|
"package": "rust-embed",
|
|
"title": "RustEmbed generated `get` method allows for directory traversal when reading files from disk",
|
|
"date": "2021-11-29",
|
|
"patched_versions": [
|
|
">= 6.3.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0124",
|
|
"package": "tokio",
|
|
"title": "Data race when sending and receiving after closing a `oneshot` channel",
|
|
"date": "2021-11-16",
|
|
"patched_versions": [
|
|
">= 1.8.4, < 1.9.0",
|
|
">= 1.13.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0123",
|
|
"package": "fruity",
|
|
"title": "Converting `NSString` to a String Truncates at Null Bytes",
|
|
"date": "2021-11-14",
|
|
"patched_versions": [
|
|
">= 0.3.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0125",
|
|
"package": "simple_asn1",
|
|
"title": "Panic on incorrect date input to `simple_asn1`",
|
|
"date": "2021-11-14",
|
|
"patched_versions": [
|
|
">=0.6.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0122",
|
|
"package": "flatbuffers",
|
|
"title": "Generated code can read and write out of bounds in safe code",
|
|
"date": "2021-10-31",
|
|
"patched_versions": [
|
|
">= 22.9.29"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0137",
|
|
"package": "sodiumoxide",
|
|
"title": "sodiumoxide is deprecated",
|
|
"date": "2021-10-22",
|
|
"patched_versions": [],
|
|
"commit_sha": "5bb1dfd2578539b89ffb0cbea25f21f00cfb963e",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0120",
|
|
"package": "abomonation",
|
|
"title": "abomonation transmutes &T to and from &[u8] without sufficient constraints",
|
|
"date": "2021-10-17",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0138",
|
|
"package": "mz-avro",
|
|
"title": "Incorrect use of `set_len` allows for un-initialized memory",
|
|
"date": "2021-10-14",
|
|
"patched_versions": [
|
|
">= 0.7.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0121",
|
|
"package": "crypto2",
|
|
"title": "Non-aligned u32 read in Chacha20 encryption and decryption",
|
|
"date": "2021-10-08",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0144",
|
|
"package": "traitobject",
|
|
"title": "traitobject is Unmaintained",
|
|
"date": "2021-10-04",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0119",
|
|
"package": "nix",
|
|
"title": "Out-of-bounds write in nix::unistd::getgrouplist",
|
|
"date": "2021-09-27",
|
|
"patched_versions": [
|
|
"^0.20.2",
|
|
"^0.21.2",
|
|
"^0.22.2",
|
|
">= 0.23.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0115",
|
|
"package": "zeroize_derive",
|
|
"title": "`#[zeroize(drop)]` doesn't implement `Drop` for `enum`s",
|
|
"date": "2021-09-24",
|
|
"patched_versions": [
|
|
">= 1.1.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0114",
|
|
"package": "nanorand",
|
|
"title": "Aliased mutable references from `tls_rand` & `TlsWyRand`",
|
|
"date": "2021-09-23",
|
|
"patched_versions": [
|
|
">= 0.6.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0111",
|
|
"package": "tremor-script",
|
|
"title": "Memory Safety Issue when using `patch` or `merge` on `state` and assign the result back to `state`",
|
|
"date": "2021-09-16",
|
|
"patched_versions": [
|
|
">= 0.11.6"
|
|
],
|
|
"commit_sha": "ec22294e1fab94bf344d85b7664d224e4790ddec",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0116",
|
|
"package": "arrow",
|
|
"title": "`BinaryArray` does not perform bound checks on reading values and offsets",
|
|
"date": "2021-09-14",
|
|
"patched_versions": [
|
|
">= 6.4.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0117",
|
|
"package": "arrow",
|
|
"title": "`DecimalArray` does not perform bound checks on accessing values and offsets",
|
|
"date": "2021-09-14",
|
|
"patched_versions": [
|
|
">= 6.4.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0118",
|
|
"package": "arrow",
|
|
"title": "`FixedSizeBinaryArray` does not perform bound checks on accessing values and offsets",
|
|
"date": "2021-09-14",
|
|
"patched_versions": [
|
|
">= 6.4.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0154",
|
|
"package": "fuser",
|
|
"title": "Uninitalized memory read & leak caused by fuser crate",
|
|
"date": "2021-09-10",
|
|
"patched_versions": [
|
|
">= 0.16.0"
|
|
],
|
|
"commit_sha": "47113e10ea4ab4be5b562cdc0d8cc8d41ce50311",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0100",
|
|
"package": "sha2",
|
|
"title": "Miscomputed results when using AVX2 backend",
|
|
"date": "2021-09-08",
|
|
"patched_versions": [
|
|
">= 0.9.8"
|
|
],
|
|
"commit_sha": "93d895de72c2cb3ac7bc106f03e33715f8f304c2",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0147",
|
|
"package": "daemonize",
|
|
"title": "`daemonize` is Unmaintained",
|
|
"date": "2021-09-01",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0099",
|
|
"package": "cosmos_sdk",
|
|
"title": "Crate has been renamed to `cosmrs`",
|
|
"date": "2021-08-25",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0139",
|
|
"package": "ansi_term",
|
|
"title": "ansi_term is Unmaintained",
|
|
"date": "2021-08-18",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0096",
|
|
"package": "spirv_headers",
|
|
"title": "spirv_headers is unmaintained, use spirv instead",
|
|
"date": "2021-08-16",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0082",
|
|
"package": "vec-const",
|
|
"title": "vec-const attempts to construct a Vec from a pointer to a const slice",
|
|
"date": "2021-08-14",
|
|
"patched_versions": [
|
|
">= 2.0.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0080",
|
|
"package": "tar",
|
|
"title": "Links in archive can create arbitrary directories",
|
|
"date": "2021-07-19",
|
|
"patched_versions": [
|
|
">= 0.4.36"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0076",
|
|
"package": "libsecp256k1",
|
|
"title": "libsecp256k1 allows overflowing signatures",
|
|
"date": "2021-07-13",
|
|
"patched_versions": [
|
|
">= 0.5.0"
|
|
],
|
|
"commit_sha": "b525d5d318d9672a40250c1725fa1bb3156688b7",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0073",
|
|
"package": "prost-types",
|
|
"title": "Conversion from `prost_types::Timestamp` to `SystemTime` can cause an overflow and panic",
|
|
"date": "2021-07-08",
|
|
"patched_versions": [
|
|
">= 0.8.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0075",
|
|
"package": "ark-r1cs-std",
|
|
"title": "Flaw in `FieldVar::mul_by_inverse` allows unsound R1CS constraint systems",
|
|
"date": "2021-07-08",
|
|
"patched_versions": [
|
|
">= 0.3.1"
|
|
],
|
|
"commit_sha": "47ddbaa411afe7c499311a248a38135e5a192b67",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0074",
|
|
"package": "ammonia",
|
|
"title": "Incorrect handling of embedded SVG and MathML leads to mutation XSS",
|
|
"date": "2021-07-08",
|
|
"patched_versions": [
|
|
">= 3.1.0",
|
|
">= 2.1.3, < 3.0.0"
|
|
],
|
|
"commit_sha": "bcdf2d862675a37f4cace6c5258bb09aac0b9f85",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0072",
|
|
"package": "tokio",
|
|
"title": "Task dropped in wrong thread when aborting `LocalSet` task",
|
|
"date": "2021-07-07",
|
|
"patched_versions": [
|
|
">= 1.5.1, < 1.6.0",
|
|
">= 1.6.3, < 1.7.0",
|
|
">= 1.7.2, < 1.8.0",
|
|
">= 1.8.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0145",
|
|
"package": "atty",
|
|
"title": "Potential unaligned read",
|
|
"date": "2021-07-04",
|
|
"patched_versions": [],
|
|
"commit_sha": "4a91c27fe236ee06b4c6106f7d3ef03fe58832dc",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0071",
|
|
"package": "grep-cli",
|
|
"title": "`grep-cli` may run arbitrary executables on Windows",
|
|
"date": "2021-06-12",
|
|
"patched_versions": [
|
|
">= 0.1.6"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0070",
|
|
"package": "nalgebra",
|
|
"title": "VecStorage Deserialize Allows Violation of Length Invariant",
|
|
"date": "2021-06-06",
|
|
"patched_versions": [
|
|
">= 0.27.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0095",
|
|
"package": "mopa",
|
|
"title": "`mopa` is technically unsound",
|
|
"date": "2021-06-01",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0069",
|
|
"package": "lettre",
|
|
"title": "SMTP command injection in body",
|
|
"date": "2021-05-22",
|
|
"patched_versions": [
|
|
">= 0.10.0-rc.3",
|
|
"< 0.10.0-alpha.1, >= 0.9.6"
|
|
],
|
|
"commit_sha": "b0e2fc9bcac466d49fca8d25a6c6252811a29c6c",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0146",
|
|
"package": "twoway",
|
|
"title": "Crate `twoway` deprecated by the author",
|
|
"date": "2021-05-20",
|
|
"patched_versions": [],
|
|
"commit_sha": "e99b3c718df1117ad7f54c33f6540c8f46cc17dd",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0068",
|
|
"package": "iced-x86",
|
|
"title": "Soundness issue in `iced-x86` versions <= 1.10.3",
|
|
"date": "2021-05-19",
|
|
"patched_versions": [
|
|
"> 1.10.3"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0065",
|
|
"package": "anymap",
|
|
"title": "anymap is unmaintained.",
|
|
"date": "2021-05-07",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0064",
|
|
"package": "cpuid-bool",
|
|
"title": "`cpuid-bool` has been renamed to `cpufeatures`",
|
|
"date": "2021-05-06",
|
|
"patched_versions": [],
|
|
"commit_sha": "b2d97b23e721f509fa6004175f3ffdf40d9e7402",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0060",
|
|
"package": "aes-soft",
|
|
"title": "`aes-soft` has been merged into the `aes` crate",
|
|
"date": "2021-04-29",
|
|
"patched_versions": [],
|
|
"commit_sha": "cd5a34f0533b0acf310a29c0cbbd55e94c9741d8",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0059",
|
|
"package": "aesni",
|
|
"title": "`aesni` has been merged into the `aes` crate",
|
|
"date": "2021-04-29",
|
|
"patched_versions": [],
|
|
"commit_sha": "cd5a34f0533b0acf310a29c0cbbd55e94c9741d8",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0061",
|
|
"package": "aes-ctr",
|
|
"title": "`aes-ctr` has been merged into the `aes` crate",
|
|
"date": "2021-04-29",
|
|
"patched_versions": [],
|
|
"commit_sha": "cd5a34f0533b0acf310a29c0cbbd55e94c9741d8",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0054",
|
|
"package": "rkyv",
|
|
"title": "Archives may contain uninitialized memory",
|
|
"date": "2021-04-28",
|
|
"patched_versions": [
|
|
">= 0.6.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0113",
|
|
"package": "metrics-util",
|
|
"title": "AtomicBucket<T> unconditionally implements Send/Sync",
|
|
"date": "2021-04-07",
|
|
"patched_versions": [
|
|
">= 0.7.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0136",
|
|
"package": "sass-rs",
|
|
"title": "`sass-rs` has been deprecated",
|
|
"date": "2021-04-07",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0041",
|
|
"package": "parse_duration",
|
|
"title": "Denial of service through parsing payloads with too big exponent",
|
|
"date": "2021-03-18",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0053",
|
|
"package": "algorithmica",
|
|
"title": "'merge_sort::merge()' crashes with double-free for `T: Drop`",
|
|
"date": "2021-03-07",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0038",
|
|
"package": "fltk",
|
|
"title": "Multiple memory safety issues",
|
|
"date": "2021-03-06",
|
|
"patched_versions": [
|
|
">= 0.15.3"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0037",
|
|
"package": "diesel",
|
|
"title": "Fix a use-after-free bug in diesels Sqlite backend",
|
|
"date": "2021-03-05",
|
|
"patched_versions": [
|
|
">= 1.4.6"
|
|
],
|
|
"commit_sha": "ae72835078156a3ff3b5b17e2a235189ef892af7",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0035",
|
|
"package": "quinn",
|
|
"title": "`quinn` invalidly assumes the memory layout of std::net::SocketAddr",
|
|
"date": "2021-03-04",
|
|
"patched_versions": [
|
|
"^0.5.4",
|
|
"^0.6.2",
|
|
">= 0.7.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0036",
|
|
"package": "internment",
|
|
"title": "Intern<T>: Data race allowed on T",
|
|
"date": "2021-03-03",
|
|
"patched_versions": [
|
|
">= 0.4.2"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0032",
|
|
"package": "byte_struct",
|
|
"title": "Deserializing an array can drop uninitialized memory on panic",
|
|
"date": "2021-03-01",
|
|
"patched_versions": [
|
|
">= 0.6.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0062",
|
|
"package": "miscreant",
|
|
"title": "project abandoned; migrate to the `aes-siv` crate",
|
|
"date": "2021-02-28",
|
|
"patched_versions": [],
|
|
"commit_sha": "5d921f579e0c2b9960d472cf377b8487d97fbcec",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0052",
|
|
"package": "id-map",
|
|
"title": "Multiple functions can cause double-frees",
|
|
"date": "2021-02-26",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0050",
|
|
"package": "reorder",
|
|
"title": "swap_index can write out of bounds and return uninitialized memory",
|
|
"date": "2021-02-24",
|
|
"patched_versions": [
|
|
">= 1.1.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0033",
|
|
"package": "stack_dst",
|
|
"title": "push_cloned can drop uninitialized memory or double free on panic",
|
|
"date": "2021-02-22",
|
|
"patched_versions": [
|
|
">= 0.6.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0047",
|
|
"package": "slice-deque",
|
|
"title": "SliceDeque::drain_filter can double drop an element if the predicate panics",
|
|
"date": "2021-02-19",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0028",
|
|
"package": "toodee",
|
|
"title": "Multiple memory safety issues in insert_row",
|
|
"date": "2021-02-19",
|
|
"patched_versions": [
|
|
">= 0.3.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0048",
|
|
"package": "stackvector",
|
|
"title": "StackVec::extend can write out of bounds when size_hint is incorrect",
|
|
"date": "2021-02-19",
|
|
"patched_versions": [
|
|
">= 1.0.9"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0030",
|
|
"package": "scratchpad",
|
|
"title": "move_elements can double-free objects on panic",
|
|
"date": "2021-02-18",
|
|
"patched_versions": [
|
|
">= 1.3.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0049",
|
|
"package": "through",
|
|
"title": "`through` and `through_and` causes a double free if the map function panics",
|
|
"date": "2021-02-18",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0029",
|
|
"package": "truetype",
|
|
"title": "Tape::take_bytes exposes uninitialized memory to a user-provided Read",
|
|
"date": "2021-02-17",
|
|
"patched_versions": [
|
|
">= 0.30.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0112",
|
|
"package": "tectonic_xdv",
|
|
"title": "`Read` on uninitialized buffer may cause UB ('tectonic_xdv' crate)",
|
|
"date": "2021-02-17",
|
|
"patched_versions": [
|
|
">= 0.1.12"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0043",
|
|
"package": "uu_od",
|
|
"title": "PartialReader passes uninitialized memory to user-provided Read",
|
|
"date": "2021-02-17",
|
|
"patched_versions": [
|
|
">= 0.0.4"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0046",
|
|
"package": "telemetry",
|
|
"title": "misc::vec_with_size() can drop uninitialized memory if clone panics",
|
|
"date": "2021-02-17",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0024",
|
|
"package": "safe-api",
|
|
"title": "crate has been renamed to `sn_api`",
|
|
"date": "2021-02-15",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0025",
|
|
"package": "jsonrpc-quic",
|
|
"title": "crate has been renamed to `qjsonrpc`",
|
|
"date": "2021-02-15",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0021",
|
|
"package": "nb-connect",
|
|
"title": "`nb-connect` invalidly assumes the memory layout of std::net::SocketAddr",
|
|
"date": "2021-02-14",
|
|
"patched_versions": [
|
|
">= 1.0.3"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0023",
|
|
"package": "rand_core",
|
|
"title": "Incorrect check on buffer length when seeding RNGs",
|
|
"date": "2021-02-12",
|
|
"patched_versions": [
|
|
">= 0.6.2"
|
|
],
|
|
"commit_sha": "3a03c9eb5350e03a3f540dba2ee34e0984f2c2c2",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0044",
|
|
"package": "rocket",
|
|
"title": "Use after free possible in `uri::Formatter` on panic",
|
|
"date": "2021-02-09",
|
|
"patched_versions": [
|
|
">= 0.4.7"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0019",
|
|
"package": "xcb",
|
|
"title": "Multiple soundness issues",
|
|
"date": "2021-02-04",
|
|
"patched_versions": [
|
|
">= 1.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0034",
|
|
"package": "office",
|
|
"title": "office is unmaintained, use calamine instead",
|
|
"date": "2021-02-04",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0018",
|
|
"package": "qwutils",
|
|
"title": "insert_slice_clone can double drop if Clone panics.",
|
|
"date": "2021-02-03",
|
|
"patched_versions": [
|
|
">= 0.3.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0094",
|
|
"package": "rdiff",
|
|
"title": "Window can read out of bounds if Read instance returns more bytes than buffer size",
|
|
"date": "2021-02-03",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0051",
|
|
"package": "outer_cgi",
|
|
"title": "KeyValueReader passes uninitialized memory to Read instance",
|
|
"date": "2021-01-31",
|
|
"patched_versions": [
|
|
">= 0.2.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0031",
|
|
"package": "nano_arena",
|
|
"title": "split_at allows obtaining multiple mutable references to the same data",
|
|
"date": "2021-01-31",
|
|
"patched_versions": [
|
|
">= 0.5.2"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0017",
|
|
"package": "postscript",
|
|
"title": "`Read` on uninitialized buffer may cause UB (`impl Walue for Vec<u8>`)",
|
|
"date": "2021-01-30",
|
|
"patched_versions": [
|
|
">= 0.14.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0092",
|
|
"package": "messagepack-rs",
|
|
"title": "Deserialization functions pass uninitialized memory to user-provided Read",
|
|
"date": "2021-01-26",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0016",
|
|
"package": "ms3d",
|
|
"title": "`IoReader::read()`: user-provided `Read` on uninitialized buffer may cause UB",
|
|
"date": "2021-01-26",
|
|
"patched_versions": [
|
|
">= 0.1.3"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0042",
|
|
"package": "insert_many",
|
|
"title": "insert_many can drop elements twice on panic",
|
|
"date": "2021-01-26",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0014",
|
|
"package": "marc",
|
|
"title": "Record::read : Custom `Read` on uninitialized buffer may cause UB",
|
|
"date": "2021-01-26",
|
|
"patched_versions": [
|
|
">= 2.0.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0135",
|
|
"package": "tower-http",
|
|
"title": "Improper validation of Windows paths could lead to directory traversal attack",
|
|
"date": "2021-01-21",
|
|
"patched_versions": [
|
|
">= 0.2.1",
|
|
">= 0.1.3, < 0.2.0"
|
|
],
|
|
"commit_sha": "ec394e7e082ed315ab515eddddc4f958361939ef",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0083",
|
|
"package": "derive-com-impl",
|
|
"title": "QueryInterface should call AddRef before returning pointer",
|
|
"date": "2021-01-20",
|
|
"patched_versions": [
|
|
">= 0.1.2"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0089",
|
|
"package": "raw-cpuid",
|
|
"title": "Optional `Deserialize` implementations lacking validation",
|
|
"date": "2021-01-20",
|
|
"patched_versions": [
|
|
">= 9.1.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0013",
|
|
"package": "raw-cpuid",
|
|
"title": "Soundness issues in `raw-cpuid`",
|
|
"date": "2021-01-20",
|
|
"patched_versions": [
|
|
">= 9.0.0"
|
|
],
|
|
"commit_sha": "b33006702bd96c68a6828f21862f7923eee94f5d",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0152",
|
|
"package": "out-reference",
|
|
"title": "`out_reference::Out::from_raw` should be `unsafe`",
|
|
"date": "2021-01-20",
|
|
"patched_versions": [
|
|
">= 0.2.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0004",
|
|
"package": "lazy-init",
|
|
"title": "Missing Send bound for Lazy",
|
|
"date": "2021-01-17",
|
|
"patched_versions": [
|
|
"> 0.4.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0010",
|
|
"package": "containers",
|
|
"title": "panic safety: double drop may happen within `util::{mutate, mutate2}`",
|
|
"date": "2021-01-12",
|
|
"patched_versions": [
|
|
">= 0.9.11"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0040",
|
|
"package": "arenavec",
|
|
"title": "panic safety: double drop or uninitialized drop of T upon panic",
|
|
"date": "2021-01-12",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0045",
|
|
"package": "adtensor",
|
|
"title": "FromIterator implementation for Vector/Matrix can drop uninitialized memory",
|
|
"date": "2021-01-11",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0005",
|
|
"package": "glsl-layout",
|
|
"title": "Double drop upon panic in 'fn map_array()'",
|
|
"date": "2021-01-10",
|
|
"patched_versions": [
|
|
">= 0.4.0"
|
|
],
|
|
"commit_sha": "4298b9de04c7b721d242f2169dbb6f155788c859",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0009",
|
|
"package": "basic_dsp_matrix",
|
|
"title": "panic safety issue in `impl TransformContent<S, D> for [S; (2|3|4)]`",
|
|
"date": "2021-01-10",
|
|
"patched_versions": [
|
|
">= 0.9.2"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0003",
|
|
"package": "smallvec",
|
|
"title": "Buffer overflow in SmallVec::insert_many",
|
|
"date": "2021-01-08",
|
|
"patched_versions": [
|
|
">= 0.6.14, < 1.0.0",
|
|
">= 1.6.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0086",
|
|
"package": "flumedb",
|
|
"title": "`Read` on uninitialized buffer may cause UB ( `read_entry()` )",
|
|
"date": "2021-01-07",
|
|
"patched_versions": [
|
|
">=0.1.6"
|
|
],
|
|
"commit_sha": "14b7440271c9d2316fab52c745e21087559364f6",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0007",
|
|
"package": "av-data",
|
|
"title": "`Frame::copy_from_raw_parts` can lead to segfault without `unsafe`",
|
|
"date": "2021-01-07",
|
|
"patched_versions": [
|
|
">= 0.3.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0090",
|
|
"package": "ash",
|
|
"title": "Reading on uninitialized memory may cause UB ( `util::read_spv()` )",
|
|
"date": "2021-01-07",
|
|
"patched_versions": [
|
|
">= 0.33.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0087",
|
|
"package": "columnar",
|
|
"title": "columnar: `Read` on uninitialized buffer may cause UB (ColumnarReadExt::read_typed_vec())",
|
|
"date": "2021-01-07",
|
|
"patched_versions": [
|
|
">= 0.1.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0091",
|
|
"package": "gfx-auxil",
|
|
"title": "Reading on uninitialized buffer may cause UB ( `gfx_auxil::read_spirv()` )",
|
|
"date": "2021-01-07",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0015",
|
|
"package": "calamine",
|
|
"title": "`Sectors::get` accesses unclaimed/uninitialized memory",
|
|
"date": "2021-01-06",
|
|
"patched_versions": [
|
|
">= 0.17.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0088",
|
|
"package": "csv-sniffer",
|
|
"title": "`Read` on uninitialized memory may cause UB (fn preamble_skipcount())",
|
|
"date": "2021-01-05",
|
|
"patched_versions": [
|
|
">= 0.2.0"
|
|
],
|
|
"commit_sha": "c7710414aa256c7cd33fb4530656f5ab38e306f7",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0011",
|
|
"package": "fil-ocl",
|
|
"title": "EventList's From<EventList> conversions can double drop on panic.",
|
|
"date": "2021-01-04",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0143",
|
|
"package": "kamadak-exif",
|
|
"title": "kamadak-exif DoS with untrusted PNG data",
|
|
"date": "2021-01-04",
|
|
"patched_versions": [
|
|
">= 0.5.3"
|
|
],
|
|
"commit_sha": "1b05eab57e484cd7d576d4357b9cda7fdc57df8c",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0085",
|
|
"package": "binjs_io",
|
|
"title": "'Read' on uninitialized memory may cause UB",
|
|
"date": "2021-01-03",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0084",
|
|
"package": "bronzedb-protocol",
|
|
"title": "`Read` on uninitialized buffer can cause UB (impl of `ReadKVExt`)",
|
|
"date": "2021-01-03",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0012",
|
|
"package": "cdr",
|
|
"title": "Reading uninitialized memory can cause UB (`Deserializer::read_vec`)",
|
|
"date": "2021-01-02",
|
|
"patched_versions": [
|
|
">= 0.2.4"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0008",
|
|
"package": "bra",
|
|
"title": "reading on uninitialized buffer can cause UB (`impl<R> BufRead for GreedyAccessReader<R>`)",
|
|
"date": "2021-01-02",
|
|
"patched_versions": [
|
|
">= 0.1.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2021-0006",
|
|
"package": "cache",
|
|
"title": "Exposes internally used raw pointer",
|
|
"date": "2021-01-01",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0132",
|
|
"package": "array-tools",
|
|
"title": "`FixedCapacityDequeLike::clone()` can cause dropping uninitialized memory",
|
|
"date": "2020-12-31",
|
|
"patched_versions": [
|
|
">= 0.3.2"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0103",
|
|
"package": "autorand",
|
|
"title": "`impl Random` on arrays can lead to dropping uninitialized memory",
|
|
"date": "2020-12-31",
|
|
"patched_versions": [
|
|
">= 0.2.3"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0153",
|
|
"package": "bite",
|
|
"title": "`read` on uninitialized buffer may cause UB (bite::read::BiteReadExpandedExt::read_framed_max)",
|
|
"date": "2020-12-31",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0154",
|
|
"package": "buffoon",
|
|
"title": "InputStream::read_exact : `Read` on uninitialized buffer causes UB",
|
|
"date": "2020-12-31",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0155",
|
|
"package": "acc_reader",
|
|
"title": "`Read` on uninitialized buffer in `fill_buf()` and `read_up_to()`",
|
|
"date": "2020-12-27",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0143",
|
|
"package": "multiqueue",
|
|
"title": "Queues allow non-Send types to be sent to other threads, allowing data races",
|
|
"date": "2020-12-25",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0109",
|
|
"package": "stderr",
|
|
"title": "stderr is unmaintained; use eprintln instead",
|
|
"date": "2020-12-22",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0114",
|
|
"package": "va-ts",
|
|
"title": "`Demuxer` can carry non-Send types across thread boundaries",
|
|
"date": "2020-12-22",
|
|
"patched_versions": [
|
|
">= 0.0.4"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0101",
|
|
"package": "conquer-once",
|
|
"title": "conquer-once's OnceCell lacks Send bound for its Sync trait.",
|
|
"date": "2020-12-22",
|
|
"patched_versions": [
|
|
">= 0.3.2"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0105",
|
|
"package": "abi_stable",
|
|
"title": "Update unsound DrainFilter and RString::retain",
|
|
"date": "2020-12-21",
|
|
"patched_versions": [
|
|
">= 0.9.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0108",
|
|
"package": "eventio",
|
|
"title": "Soundness issue: Input<R> can be misused to create data race to an object",
|
|
"date": "2020-12-20",
|
|
"patched_versions": [
|
|
">= 0.5.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0095",
|
|
"package": "difference",
|
|
"title": "difference is unmaintained",
|
|
"date": "2020-12-20",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0106",
|
|
"package": "multiqueue2",
|
|
"title": "Queues allow non-Send types to be sent to other threads, allowing data races",
|
|
"date": "2020-12-19",
|
|
"patched_versions": [
|
|
">= 0.1.7"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0127",
|
|
"package": "v9",
|
|
"title": "SyncRef's clone() and debug() allow data races",
|
|
"date": "2020-12-18",
|
|
"patched_versions": [
|
|
">= 0.1.43"
|
|
],
|
|
"commit_sha": "18847c50e5d36561cc91c996c3539ddb1eacf6c7",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0112",
|
|
"package": "buttplug",
|
|
"title": "ButtplugFutureStateShared allows data race to (!Send|!Sync) objects",
|
|
"date": "2020-12-18",
|
|
"patched_versions": [
|
|
">= 1.0.4"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0152",
|
|
"package": "max7301",
|
|
"title": "ImmediateIO and TransactionalIO can cause data races",
|
|
"date": "2020-12-18",
|
|
"patched_versions": [
|
|
">= 0.2.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0129",
|
|
"package": "kekbit",
|
|
"title": "ShmWriter allows sending non-Send type across threads",
|
|
"date": "2020-12-18",
|
|
"patched_versions": [
|
|
">= 0.3.4"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0098",
|
|
"package": "rusb",
|
|
"title": "UsbContext trait did not require implementers to be Send and Sync.",
|
|
"date": "2020-12-18",
|
|
"patched_versions": [
|
|
">= 0.7.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0150",
|
|
"package": "disrustor",
|
|
"title": "RingBuffer can create multiple mutable references and cause data races",
|
|
"date": "2020-12-17",
|
|
"patched_versions": [
|
|
">= 0.3"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0097",
|
|
"package": "xcb",
|
|
"title": "Soundness issue with base::Error",
|
|
"date": "2020-12-10",
|
|
"patched_versions": [
|
|
">= 1.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0141",
|
|
"package": "noise_search",
|
|
"title": "MvccRwLock allows data races & aliasing violations",
|
|
"date": "2020-12-10",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0148",
|
|
"package": "cgc",
|
|
"title": "Multiple soundness issues in `Ptr`",
|
|
"date": "2020-12-10",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0091",
|
|
"package": "arc-swap",
|
|
"title": "Dangling reference in `access::Map` with Constant",
|
|
"date": "2020-12-10",
|
|
"patched_versions": [
|
|
">= 0.4.8, < 1.0.0-0",
|
|
">= 1.1.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0118",
|
|
"package": "tiny_future",
|
|
"title": "Future<T> lacks bounds on Send and Sync.",
|
|
"date": "2020-12-08",
|
|
"patched_versions": [
|
|
">= 0.4.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0124",
|
|
"package": "async-coap",
|
|
"title": "ArcGuard's Send and Sync should have bounds on RC",
|
|
"date": "2020-12-08",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0104",
|
|
"package": "gfwx",
|
|
"title": "ImageChunkMut needs bounds on its Send and Sync traits",
|
|
"date": "2020-12-08",
|
|
"patched_versions": [
|
|
">= 0.3.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0084",
|
|
"package": "safe_authenticator",
|
|
"title": "crate has been superseded by `sn_client`",
|
|
"date": "2020-12-07",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0085",
|
|
"package": "safe_vault",
|
|
"title": "crate has been renamed to `sn_node`",
|
|
"date": "2020-12-07",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0086",
|
|
"package": "safe_core",
|
|
"title": "crate has been renamed to `sn_client`",
|
|
"date": "2020-12-07",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0083",
|
|
"package": "safe_app",
|
|
"title": "crate has been superseded by `sn_client`",
|
|
"date": "2020-12-07",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0082",
|
|
"package": "ordered-float",
|
|
"title": "ordered_float:NotNan may contain NaN after panic in assignment operators",
|
|
"date": "2020-12-06",
|
|
"patched_versions": [
|
|
"^1.1.1",
|
|
">= 2.0.1"
|
|
],
|
|
"commit_sha": "c55cda301c943270b7eb2b4765bedbcce56edb90",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0077",
|
|
"package": "memmap",
|
|
"title": "memmap is unmaintained",
|
|
"date": "2020-12-02",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0094",
|
|
"package": "reffers",
|
|
"title": "Unsound: can make `ARefss` contain a !Send, !Sync object.",
|
|
"date": "2020-12-01",
|
|
"patched_versions": [
|
|
">= 0.6.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0088",
|
|
"package": "magnetic",
|
|
"title": "MPMCConsumer/Producer allows sending non-Send type across threads",
|
|
"date": "2020-11-29",
|
|
"patched_versions": [
|
|
">= 2.0.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0142",
|
|
"package": "syncpool",
|
|
"title": "Send bound needed on T (for Send impl of `Bucket2`)",
|
|
"date": "2020-11-29",
|
|
"patched_versions": [
|
|
">= 0.1.6"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0075",
|
|
"package": "branca",
|
|
"title": "Unexpected panic when decoding tokens",
|
|
"date": "2020-11-29",
|
|
"patched_versions": [
|
|
">= 0.10.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0074",
|
|
"package": "pyo3",
|
|
"title": "Reference counting error in `From<Py<T>>`",
|
|
"date": "2020-11-28",
|
|
"patched_versions": [
|
|
">= 0.12.4"
|
|
],
|
|
"commit_sha": "1ee3961a0de6a74a4c5160c97a88696a2164025b",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0117",
|
|
"package": "conqueue",
|
|
"title": "QueueSender<T>/QueueReceiver<T>: Send/Sync impls need `T: Send`",
|
|
"date": "2020-11-24",
|
|
"patched_versions": [
|
|
">= 0.4.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0128",
|
|
"package": "cache",
|
|
"title": "Cache<K>: Send/Sync impls needs trait bounds on `K`",
|
|
"date": "2020-11-24",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0125",
|
|
"package": "convec",
|
|
"title": "convec::ConVec<T> unconditionally implements Send/Sync",
|
|
"date": "2020-11-24",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0071",
|
|
"package": "time",
|
|
"title": "Potential segfault in the time crate",
|
|
"date": "2020-11-18",
|
|
"patched_versions": [
|
|
">= 0.2.23"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0135",
|
|
"package": "slock",
|
|
"title": "Slock<T> allows sending non-Send types across thread boundaries",
|
|
"date": "2020-11-17",
|
|
"patched_versions": [
|
|
">= 0.2.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0119",
|
|
"package": "ticketed_lock",
|
|
"title": "ReadTicket and WriteTicket should only be sendable when T is Send",
|
|
"date": "2020-11-17",
|
|
"patched_versions": [
|
|
">= 0.3.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0087",
|
|
"package": "try-mutex",
|
|
"title": "TryMutex<T> allows sending non-Send type across threads",
|
|
"date": "2020-11-17",
|
|
"patched_versions": [
|
|
">= 0.3.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0151",
|
|
"package": "generator",
|
|
"title": "Generators can cause data races if non-Send types are used in their generator functions",
|
|
"date": "2020-11-16",
|
|
"patched_versions": [
|
|
">= 0.7.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0115",
|
|
"package": "ruspiro-singleton",
|
|
"title": "Singleton lacks bounds on Send and Sync.",
|
|
"date": "2020-11-16",
|
|
"patched_versions": [
|
|
">= 0.4.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0149",
|
|
"package": "appendix",
|
|
"title": "Data race and memory safety issue in `Index`",
|
|
"date": "2020-11-15",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0126",
|
|
"package": "signal-simple",
|
|
"title": "SyncChannel<T> can move 'T: !Send' to other threads",
|
|
"date": "2020-11-15",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0136",
|
|
"package": "toolshed",
|
|
"title": "CopyCell lacks bounds on its Send trait allowing for data races",
|
|
"date": "2020-11-15",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0133",
|
|
"package": "scottqueue",
|
|
"title": "Queue<T> should have a Send bound on its Send/Sync traits",
|
|
"date": "2020-11-15",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0116",
|
|
"package": "unicycle",
|
|
"title": "PinSlab<T> and Unordered<T, S> need bounds on their Send/Sync traits",
|
|
"date": "2020-11-15",
|
|
"patched_versions": [
|
|
">= 0.7.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0134",
|
|
"package": "parc",
|
|
"title": "`LockWeak<T>` allows to create data race to `T`.",
|
|
"date": "2020-11-14",
|
|
"patched_versions": [],
|
|
"commit_sha": "5e43ee86e6a67153ff65da2051f6eb0a77f2c6b8",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0131",
|
|
"package": "rcu_cell",
|
|
"title": "Send/Sync bound needed on T for Send/Sync impl of RcuCell<T>",
|
|
"date": "2020-11-14",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0092",
|
|
"package": "concread",
|
|
"title": "Send/Sync bound needed on V in `impl Send/Sync for ARCache<K, V>`",
|
|
"date": "2020-11-13",
|
|
"patched_versions": [
|
|
">= 0.2.6"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0080",
|
|
"package": "miow",
|
|
"title": "`miow` invalidly assumes the memory layout of std::net::SocketAddr",
|
|
"date": "2020-11-13",
|
|
"patched_versions": [
|
|
"^ 0.2.2",
|
|
">= 0.3.6"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0073",
|
|
"package": "image",
|
|
"title": "Mutable reference with immutable provenance",
|
|
"date": "2020-11-12",
|
|
"patched_versions": [
|
|
">= 0.23.12"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0130",
|
|
"package": "bunch",
|
|
"title": "Bunch<T> unconditionally implements Send/Sync",
|
|
"date": "2020-11-12",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0069",
|
|
"package": "lettre",
|
|
"title": "Argument injection in sendmail transport",
|
|
"date": "2020-11-11",
|
|
"patched_versions": [
|
|
">= 0.10.0-alpha.4",
|
|
"< 0.10.0-alpha.1, >= 0.9.5",
|
|
"< 0.9.0, >= 0.8.4",
|
|
"< 0.8.0, >= 0.7.1"
|
|
],
|
|
"commit_sha": "4a9d4fbf7e0ab66041a53f19f8c64fb4d5baf4a1",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0140",
|
|
"package": "model",
|
|
"title": "`Shared` can cause a data race",
|
|
"date": "2020-11-10",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0107",
|
|
"package": "hashconsing",
|
|
"title": "hashconsing's HConsed lacks Send/Sync bound for its Send/Sync trait.",
|
|
"date": "2020-11-10",
|
|
"patched_versions": [
|
|
">= 1.1.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0137",
|
|
"package": "lever",
|
|
"title": "AtomicBox<T> lacks bound on its Send and Sync traits allowing data races",
|
|
"date": "2020-11-10",
|
|
"patched_versions": [
|
|
">= 0.1.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0102",
|
|
"package": "late-static",
|
|
"title": "LateStatic has incorrect Sync bound",
|
|
"date": "2020-11-10",
|
|
"patched_versions": [
|
|
">= 0.4.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0121",
|
|
"package": "abox",
|
|
"title": "AtomicBox<T> implements Send/Sync for any `T: Sized`",
|
|
"date": "2020-11-10",
|
|
"patched_versions": [
|
|
">= 0.4.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0120",
|
|
"package": "libsbc",
|
|
"title": "`Decoder<R>` can carry `R: !Send` to other threads",
|
|
"date": "2020-11-10",
|
|
"patched_versions": [
|
|
">= 0.1.5"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0111",
|
|
"package": "may_queue",
|
|
"title": "may_queue's Queue lacks Send/Sync bound for its Send/Sync trait.",
|
|
"date": "2020-11-10",
|
|
"patched_versions": [
|
|
">= 0.1.8"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0159",
|
|
"package": "chrono",
|
|
"title": "Potential segfault in `localtime_r` invocations",
|
|
"date": "2020-11-10",
|
|
"patched_versions": [
|
|
">=0.4.20"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0096",
|
|
"package": "im",
|
|
"title": "TreeFocus lacks bounds on its Send and Sync traits",
|
|
"date": "2020-11-09",
|
|
"patched_versions": [
|
|
">= 15.1.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0070",
|
|
"package": "lock_api",
|
|
"title": "Some lock_api lock guard objects can cause data races",
|
|
"date": "2020-11-08",
|
|
"patched_versions": [
|
|
">= 0.4.2"
|
|
],
|
|
"commit_sha": "7de94f95f519d8281cb48457964065b463d26736",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0068",
|
|
"package": "multihash",
|
|
"title": "Unexpected panic in multihash `from_slice` parsing code",
|
|
"date": "2020-11-08",
|
|
"patched_versions": [
|
|
">= 0.11.3"
|
|
],
|
|
"commit_sha": "be17038714fc702ee96b7abbadb594095f9b0c88",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0078",
|
|
"package": "net2",
|
|
"title": "`net2` invalidly assumes the memory layout of std::net::SocketAddr",
|
|
"date": "2020-11-07",
|
|
"patched_versions": [
|
|
">= 0.2.36"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0079",
|
|
"package": "socket2",
|
|
"title": "`socket2` invalidly assumes the memory layout of std::net::SocketAddr",
|
|
"date": "2020-11-06",
|
|
"patched_versions": [
|
|
">= 0.3.16"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0163",
|
|
"package": "term_size",
|
|
"title": "`term_size` is unmaintained; use `terminal_size` instead",
|
|
"date": "2020-11-03",
|
|
"patched_versions": [],
|
|
"commit_sha": "5889fdc589d267182cc946faa24e0e3166a70000",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0064",
|
|
"package": "ffi_utils",
|
|
"title": "crate has been renamed to `sn_ffi_utils`",
|
|
"date": "2020-11-02",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0145",
|
|
"package": "heapless",
|
|
"title": "Use-after-free when cloning a partially consumed `Vec` iterator",
|
|
"date": "2020-11-02",
|
|
"patched_versions": [
|
|
">= 0.6.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0065",
|
|
"package": "fake_clock",
|
|
"title": "crate has been renamed to `sn_fake_clock`",
|
|
"date": "2020-11-02",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0067",
|
|
"package": "quic-p2p",
|
|
"title": "crate has been renamed to `qp2p`",
|
|
"date": "2020-11-02",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0076",
|
|
"package": "routing",
|
|
"title": "crate has been renamed to `sn_routing`",
|
|
"date": "2020-11-02",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0063",
|
|
"package": "safe-nd",
|
|
"title": "crate has been renamed to `safe-nd`",
|
|
"date": "2020-11-02",
|
|
"patched_versions": [],
|
|
"commit_sha": "ab73c1a9e325b5bb3230aaea294fc7f9a75f37d3",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0081",
|
|
"package": "mio",
|
|
"title": "`mio` invalidly assumes the memory layout of std::net::SocketAddr",
|
|
"date": "2020-11-02",
|
|
"patched_versions": [
|
|
">= 0.7.6"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0066",
|
|
"package": "safe_bindgen",
|
|
"title": "crate has been renamed to `sn_bindgen`",
|
|
"date": "2020-11-02",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0072",
|
|
"package": "futures-intrusive",
|
|
"title": "GenericMutexGuard allows data races of non-Sync types across threads",
|
|
"date": "2020-10-31",
|
|
"patched_versions": [
|
|
">= 0.4.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0113",
|
|
"package": "atomic-option",
|
|
"title": "AtomicOption should have Send + Sync bound on its type argument.",
|
|
"date": "2020-10-31",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0122",
|
|
"package": "beef",
|
|
"title": "beef::Cow lacks a Sync bound on its Send trait allowing for data races",
|
|
"date": "2020-10-28",
|
|
"patched_versions": [
|
|
">= 0.5.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0059",
|
|
"package": "futures-util",
|
|
"title": "MutexGuard::map can cause a data race in safe code",
|
|
"date": "2020-10-22",
|
|
"patched_versions": [
|
|
">= 0.3.7"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0058",
|
|
"package": "stream-cipher",
|
|
"title": "crate has been renamed to `cipher`",
|
|
"date": "2020-10-15",
|
|
"patched_versions": [],
|
|
"commit_sha": "5fcffeb4b1a817a3f3954d0047a205013ac502e4",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0057",
|
|
"package": "block-cipher",
|
|
"title": "crate has been renamed to `cipher`",
|
|
"date": "2020-10-15",
|
|
"patched_versions": [],
|
|
"commit_sha": "5fcffeb4b1a817a3f3954d0047a205013ac502e4",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0051",
|
|
"package": "rustsec",
|
|
"title": "Obsolete versions of the `rustsec` crate do not support the new V3 advisory format",
|
|
"date": "2020-10-01",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0050",
|
|
"package": "dync",
|
|
"title": "VecCopy allows misaligned access to elements",
|
|
"date": "2020-09-27",
|
|
"patched_versions": [
|
|
">= 0.5.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0047",
|
|
"package": "array-queue",
|
|
"title": "array_queue pop_back() may cause a use-after-free",
|
|
"date": "2020-09-26",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0043",
|
|
"package": "ws",
|
|
"title": "Insufficient size checks in outgoing buffer in ws allows remote attacker to run the process out of memory",
|
|
"date": "2020-09-25",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0042",
|
|
"package": "stack",
|
|
"title": "Missing check in ArrayVec leads to out-of-bounds write.",
|
|
"date": "2020-09-24",
|
|
"patched_versions": [
|
|
">= 0.3.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0044",
|
|
"package": "atom",
|
|
"title": "Unsafe Send implementation in Atom allows data races",
|
|
"date": "2020-09-21",
|
|
"patched_versions": [
|
|
">= 0.3.6"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0041",
|
|
"package": "sized-chunks",
|
|
"title": "Multiple soundness issues in Chunk and InlineArray",
|
|
"date": "2020-09-06",
|
|
"patched_versions": [
|
|
">= 0.6.3"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0166",
|
|
"package": "personnummer",
|
|
"title": "personnummer Input validation error",
|
|
"date": "2020-09-04",
|
|
"patched_versions": [
|
|
">= 3.0.1"
|
|
],
|
|
"commit_sha": "11c3b0491b70449fb790056585ad3251b0e23acb",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0060",
|
|
"package": "futures-task",
|
|
"title": "futures_task::waker may cause a use-after-free if used on a type that isn't 'static",
|
|
"date": "2020-09-04",
|
|
"patched_versions": [
|
|
">= 0.3.6"
|
|
],
|
|
"commit_sha": "4d54611f93cecab7fb6072db436064e92fefb5e2",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0039",
|
|
"package": "simple-slab",
|
|
"title": "`index()` allows out-of-bound read and `remove()` has off-by-one error",
|
|
"date": "2020-09-03",
|
|
"patched_versions": [
|
|
">= 0.3.3"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0038",
|
|
"package": "ordnung",
|
|
"title": "Memory safety issues in `compact::Vec`",
|
|
"date": "2020-09-03",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0040",
|
|
"package": "obstack",
|
|
"title": "Obstack generates unaligned references",
|
|
"date": "2020-09-03",
|
|
"patched_versions": [
|
|
">= 0.1.4"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0037",
|
|
"package": "crayon",
|
|
"title": "Misbehaving `HandleLike` implementation can lead to memory safety violation",
|
|
"date": "2020-08-31",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0164",
|
|
"package": "cell-project",
|
|
"title": "`cell-project` used incorrect variance when projecting through `&Cell<T>`",
|
|
"date": "2020-08-27",
|
|
"patched_versions": [
|
|
">= 0.1.4"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0034",
|
|
"package": "arr",
|
|
"title": "Multiple security issues including data race, buffer overflow, and uninitialized memory drop",
|
|
"date": "2020-08-25",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0035",
|
|
"package": "chunky",
|
|
"title": "Chunk API does not respect align requirement",
|
|
"date": "2020-08-25",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0032",
|
|
"package": "alpm-rs",
|
|
"title": "StrcCtx deallocates a memory region that it doesn't own",
|
|
"date": "2020-08-20",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0030",
|
|
"package": "mozwire",
|
|
"title": "Missing sanitization in mozwire allows local file overwrite of files ending in .conf",
|
|
"date": "2020-08-18",
|
|
"patched_versions": [
|
|
"> 0.4.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0168",
|
|
"package": "mach",
|
|
"title": "mach is unmaintained",
|
|
"date": "2020-07-14",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0165",
|
|
"package": "mozjpeg",
|
|
"title": "mozjpeg DecompressScanlines::read_scanlines is Unsound",
|
|
"date": "2020-07-04",
|
|
"patched_versions": [
|
|
">= 0.8.19"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0052",
|
|
"package": "crossbeam-channel",
|
|
"title": "Undefined Behavior in bounded channel",
|
|
"date": "2020-06-26",
|
|
"patched_versions": [
|
|
">= 0.4.4"
|
|
],
|
|
"commit_sha": "772b4f34eb574ab6ae058bd068545dc739196f6b",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0026",
|
|
"package": "linked-hash-map",
|
|
"title": "linked-hash-map creates uninitialized NonNull pointer",
|
|
"date": "2020-06-23",
|
|
"patched_versions": [
|
|
">= 0.5.3"
|
|
],
|
|
"commit_sha": "4f681be6f3b1b2c7d67647ce3abbe48470e20855",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0167",
|
|
"package": "pnet_packet",
|
|
"title": "`pnet_packet` buffer overrun in `set_payload` setters",
|
|
"date": "2020-06-19",
|
|
"patched_versions": [
|
|
">= 0.27.2"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0031",
|
|
"package": "tiny_http",
|
|
"title": "HTTP Request smuggling through malformed Transfer Encoding headers",
|
|
"date": "2020-06-16",
|
|
"patched_versions": [
|
|
">= 0.8.0",
|
|
"^0.6.3"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0029",
|
|
"package": "rgb",
|
|
"title": "Allows viewing and modifying arbitrary structs as bytes",
|
|
"date": "2020-06-14",
|
|
"patched_versions": [
|
|
">= 0.8.20"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0027",
|
|
"package": "traitobject",
|
|
"title": "traitobject assumes the layout of fat pointers",
|
|
"date": "2020-06-01",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0100",
|
|
"package": "sys-info",
|
|
"title": "Double free when calling `sys_info::disk_info` from multiple threads",
|
|
"date": "2020-05-31",
|
|
"patched_versions": [
|
|
">= 0.8.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0017",
|
|
"package": "internment",
|
|
"title": "Use after free in ArcIntern::drop",
|
|
"date": "2020-05-28",
|
|
"patched_versions": [
|
|
">= 0.4.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0028",
|
|
"package": "rocket",
|
|
"title": "`LocalRequest::clone` creates multiple mutable references to the same object",
|
|
"date": "2020-05-27",
|
|
"patched_versions": [
|
|
">= 0.4.5"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0018",
|
|
"package": "block-cipher-trait",
|
|
"title": "crate has been renamed to `block-cipher`",
|
|
"date": "2020-05-26",
|
|
"patched_versions": [],
|
|
"commit_sha": "0af45181b907d66c93a1b1eaf43f36ceef040f8b",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0019",
|
|
"package": "tokio-rustls",
|
|
"title": "tokio-rustls reads may cause excessive memory usage",
|
|
"date": "2020-05-19",
|
|
"patched_versions": [
|
|
">= 0.12.3, < 0.13.0",
|
|
">= 0.13.1"
|
|
],
|
|
"commit_sha": "3be701cefb573341db74254f137a4d54aefa44ce",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0021",
|
|
"package": "rio",
|
|
"title": "rio allows a use-after-free buffer access when a future is leaked",
|
|
"date": "2020-05-11",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0025",
|
|
"package": "bigint",
|
|
"title": "bigint is unmaintained, use uint instead",
|
|
"date": "2020-05-07",
|
|
"patched_versions": [],
|
|
"commit_sha": "7e71521a61b009afc94c91135353102658550d42",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0056",
|
|
"package": "stdweb",
|
|
"title": "stdweb is unmaintained",
|
|
"date": "2020-05-04",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0061",
|
|
"package": "futures-task",
|
|
"title": "futures_task::noop_waker_ref can segfault due to dereferencing a NULL pointer",
|
|
"date": "2020-05-03",
|
|
"patched_versions": [
|
|
">= 0.3.5"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0036",
|
|
"package": "failure",
|
|
"title": "failure is officially deprecated/unmaintained",
|
|
"date": "2020-05-02",
|
|
"patched_versions": [],
|
|
"commit_sha": "135e2a3b9af422d9a9dc37ce7c69354c9b36e94b",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0016",
|
|
"package": "net2",
|
|
"title": "`net2` crate has been deprecated; use `socket2` instead",
|
|
"date": "2020-05-01",
|
|
"patched_versions": [],
|
|
"commit_sha": "3350e3819adf151709047e93f25583a5df681091",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0012",
|
|
"package": "os_str_bytes",
|
|
"title": "Relies on undefined behavior of `char::from_u32_unchecked`",
|
|
"date": "2020-04-24",
|
|
"patched_versions": [
|
|
">= 2.0.0"
|
|
],
|
|
"commit_sha": "2a5a2053bfabdb3ac1aa78e6d2cefc5c2c941984",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0009",
|
|
"package": "flatbuffers",
|
|
"title": "`read_scalar` and `read_scalar_at` allow transmuting values without `unsafe` blocks",
|
|
"date": "2020-04-11",
|
|
"patched_versions": [
|
|
">= 2.0.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0146",
|
|
"package": "generic-array",
|
|
"title": "arr! macro erases lifetimes",
|
|
"date": "2020-04-09",
|
|
"patched_versions": [
|
|
">= 0.8.4, < 0.9.0",
|
|
">= 0.9.1, < 0.10.0",
|
|
">= 0.10.1, < 0.11.0",
|
|
">= 0.11.2, < 0.12.0",
|
|
">= 0.12.4, < 0.13.0",
|
|
">= 0.13.3"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0007",
|
|
"package": "bitvec",
|
|
"title": "use-after or double free of allocated memory",
|
|
"date": "2020-03-27",
|
|
"patched_versions": [
|
|
">= 0.17.4"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0006",
|
|
"package": "bumpalo",
|
|
"title": "Flaw in `realloc` allows reading unknown memory",
|
|
"date": "2020-03-24",
|
|
"patched_versions": [
|
|
">= 3.2.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0008",
|
|
"package": "hyper",
|
|
"title": "Flaw in hyper allows request smuggling by sending a body in GET requests",
|
|
"date": "2020-03-19",
|
|
"patched_versions": [
|
|
">= 0.12.34"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0005",
|
|
"package": "cbox",
|
|
"title": "CBox API allows to de-reference raw pointers without `unsafe` code",
|
|
"date": "2020-03-19",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0010",
|
|
"package": "tiberius",
|
|
"title": "tiberius is unmaintained",
|
|
"date": "2020-02-28",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0147",
|
|
"package": "rulinalg",
|
|
"title": "rulinalg is unmaintained, use nalgebra instead",
|
|
"date": "2020-02-11",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0023",
|
|
"package": "rulinalg",
|
|
"title": "Lifetime boundary for `raw_slice` and `raw_slice_mut` are incorrect",
|
|
"date": "2020-02-11",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0144",
|
|
"package": "lzw",
|
|
"title": "lzw is unmaintained",
|
|
"date": "2020-02-10",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0158",
|
|
"package": "slice-deque",
|
|
"title": "slice-deque is unmaintained",
|
|
"date": "2020-02-10",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0169",
|
|
"package": "multi_mut",
|
|
"title": "multi_mut is Unmaintained",
|
|
"date": "2020-02-07",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0162",
|
|
"package": "tokio-proto",
|
|
"title": "`tokio-proto` is deprecated/unmaintained",
|
|
"date": "2020-02-06",
|
|
"patched_versions": [],
|
|
"commit_sha": "56c720ea3c74efa8f39e36c24e609628222b16a1",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0049",
|
|
"package": "actix-codec",
|
|
"title": "Use-after-free in Framed due to lack of pinning",
|
|
"date": "2020-01-30",
|
|
"patched_versions": [
|
|
">= 0.3.0-beta.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0004",
|
|
"package": "lucet-runtime-internals",
|
|
"title": "sigstack allocation bug can cause memory corruption or leak",
|
|
"date": "2020-01-24",
|
|
"patched_versions": [
|
|
"< 0.5.0, >= 0.4.3",
|
|
">= 0.5.1"
|
|
],
|
|
"commit_sha": "a88bb29c27c9ab834726eaf0d35e3a6cf4bc1d68",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0062",
|
|
"package": "futures-util",
|
|
"title": "Improper `Sync` implementation on `FuturesUnordered` in futures-utils can cause data corruption",
|
|
"date": "2020-01-24",
|
|
"patched_versions": [
|
|
">= 0.3.2"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0048",
|
|
"package": "actix-http",
|
|
"title": "Use-after-free in BodyStream due to lack of pinning",
|
|
"date": "2020-01-24",
|
|
"patched_versions": [
|
|
">= 2.0.0-alpha.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0123",
|
|
"package": "libp2p-deflate",
|
|
"title": "Contents of uninitialized memory exposed in DeflateOutput's AsyncRead implementation",
|
|
"date": "2020-01-24",
|
|
"patched_versions": [
|
|
">= 0.27.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0160",
|
|
"package": "shamir",
|
|
"title": "Threshold value is ignored (all shares are n=3)",
|
|
"date": "2020-01-21",
|
|
"patched_versions": [
|
|
">= 2.0.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0003",
|
|
"package": "rust_sodium",
|
|
"title": "rust_sodium is unmaintained; switch to a modern alternative",
|
|
"date": "2020-01-20",
|
|
"patched_versions": [],
|
|
"commit_sha": "62ee6de8dfdd8890283f4170056b0eb3fcf184fc",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0002",
|
|
"package": "prost",
|
|
"title": "Parsing a specially crafted message can result in a stack overflow",
|
|
"date": "2020-01-16",
|
|
"patched_versions": [
|
|
">= 0.6.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0046",
|
|
"package": "actix-service",
|
|
"title": "bespoke Cell implementation allows obtaining several mutable references to the same data",
|
|
"date": "2020-01-08",
|
|
"patched_versions": [
|
|
">= 1.0.6"
|
|
],
|
|
"commit_sha": "a67e38b4a07c92a3c81fa833f9eb1e91e74e39b7",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0045",
|
|
"package": "actix-utils",
|
|
"title": "bespoke Cell implementation allows obtaining several mutable references to the same data",
|
|
"date": "2020-01-08",
|
|
"patched_versions": [
|
|
">= 2.0.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2020-0001",
|
|
"package": "trust-dns-server",
|
|
"title": "Stack overflow when resolving additional records from MX or SRV null targets",
|
|
"date": "2020-01-06",
|
|
"patched_versions": [
|
|
">= 0.18.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2019-0031",
|
|
"package": "spin",
|
|
"title": "spin is no longer actively maintained",
|
|
"date": "2019-11-21",
|
|
"patched_versions": [],
|
|
"commit_sha": "7516c8037d3d15712ba4d8499ab075e97a19d778",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2019-0033",
|
|
"package": "http",
|
|
"title": "Integer Overflow in HeaderMap::reserve() can cause Denial of Service",
|
|
"date": "2019-11-16",
|
|
"patched_versions": [
|
|
">= 0.1.20"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2019-0036",
|
|
"package": "failure",
|
|
"title": "Type confusion if __private_get_type_id__ is overridden",
|
|
"date": "2019-11-13",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2019-0029",
|
|
"package": "chacha20",
|
|
"title": "ChaCha20 counter overflow can expose repetitions in the keystream",
|
|
"date": "2019-10-22",
|
|
"patched_versions": [
|
|
">= 0.2.3"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2019-0028",
|
|
"package": "flatbuffers",
|
|
"title": "Unsound `impl Follow for bool`",
|
|
"date": "2019-10-20",
|
|
"patched_versions": [
|
|
">= 0.6.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2019-0026",
|
|
"package": "sodiumoxide",
|
|
"title": "generichash::Digest::eq always return true",
|
|
"date": "2019-10-11",
|
|
"patched_versions": [
|
|
">= 0.2.5"
|
|
],
|
|
"commit_sha": "fae052b834b097ced9a89a8fff8466e18f383070",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2019-0024",
|
|
"package": "rustsec-example-crate",
|
|
"title": "Test advisory with associated example crate",
|
|
"date": "2019-10-08",
|
|
"patched_versions": [
|
|
">= 1.0.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2019-0030",
|
|
"package": "streebog",
|
|
"title": "Incorrect implementation of the Streebog hash functions",
|
|
"date": "2019-10-06",
|
|
"patched_versions": [
|
|
">= 0.8.0"
|
|
],
|
|
"commit_sha": "9695573914ad96f234ecabf9ecee2dbb3a6a36ed",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2019-0022",
|
|
"package": "portaudio-rs",
|
|
"title": "Stream callback function is not unwind safe",
|
|
"date": "2019-09-14",
|
|
"patched_versions": [
|
|
"> 0.3.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2019-0021",
|
|
"package": "linea",
|
|
"title": "`Matrix::zip_elements` causes double free",
|
|
"date": "2019-09-14",
|
|
"patched_versions": [
|
|
"> 0.9.4"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2019-0020",
|
|
"package": "generator",
|
|
"title": "fix unsound APIs that could lead to UB",
|
|
"date": "2019-09-06",
|
|
"patched_versions": [
|
|
">= 0.6.18"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2019-0018",
|
|
"package": "renderdoc",
|
|
"title": "Internally mutating methods take immutable ref self",
|
|
"date": "2019-09-02",
|
|
"patched_versions": [
|
|
">= 0.5.0"
|
|
],
|
|
"commit_sha": "22351fe532cf480e26a7ad8717d86a023da8f1d6",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2019-0016",
|
|
"package": "chttp",
|
|
"title": "Use-after-free in buffer conversion implementation",
|
|
"date": "2019-09-01",
|
|
"patched_versions": [
|
|
">= 0.1.3"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2019-0017",
|
|
"package": "once_cell",
|
|
"title": "Panic during initialization of Lazy<T> might trigger undefined behavior",
|
|
"date": "2019-09-01",
|
|
"patched_versions": [
|
|
">= 1.0.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2019-0013",
|
|
"package": "spin",
|
|
"title": "Wrong memory orderings in RwLock potentially violates mutual exclusion",
|
|
"date": "2019-08-27",
|
|
"patched_versions": [
|
|
">= 0.5.2"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2019-0019",
|
|
"package": "blake2",
|
|
"title": "HMAC-BLAKE2 algorithms compute incorrect results",
|
|
"date": "2019-08-25",
|
|
"patched_versions": [
|
|
">= 0.8.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2019-0023",
|
|
"package": "string-interner",
|
|
"title": "Cloned interners may read already dropped strings",
|
|
"date": "2019-08-24",
|
|
"patched_versions": [
|
|
"^0.6.4",
|
|
">= 0.7.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2019-0014",
|
|
"package": "image",
|
|
"title": "Flaw in interface may drop uninitialized instance of arbitrary types",
|
|
"date": "2019-08-21",
|
|
"patched_versions": [
|
|
">= 0.21.3"
|
|
],
|
|
"commit_sha": "214e6467a1e32e690f08f0b34dea540625b6724c",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2019-0012",
|
|
"package": "smallvec",
|
|
"title": "Memory corruption in SmallVec::grow()",
|
|
"date": "2019-07-19",
|
|
"patched_versions": [
|
|
">= 0.6.10"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2019-0011",
|
|
"package": "memoffset",
|
|
"title": "Flaw in offset_of and span_of causes SIGILL, drops uninitialized memory of arbitrary type on panic in client code",
|
|
"date": "2019-07-16",
|
|
"patched_versions": [
|
|
">= 0.5.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2019-0010",
|
|
"package": "libflate",
|
|
"title": "MultiDecoder::read() drops uninitialized memory of arbitrary type on panic in client code",
|
|
"date": "2019-07-04",
|
|
"patched_versions": [
|
|
">= 0.1.25"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2019-0008",
|
|
"package": "simd-json",
|
|
"title": "Flaw in string parsing can lead to crashes due to invalid memory access.",
|
|
"date": "2019-06-24",
|
|
"patched_versions": [
|
|
">= 0.1.15"
|
|
],
|
|
"commit_sha": "32fcd779cf20f14902b3dd11ced83d9611fb821f",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2019-0040",
|
|
"package": "boxfnonce",
|
|
"title": "`boxfnonce` obsolete with release of Rust 1.35.0",
|
|
"date": "2019-06-20",
|
|
"patched_versions": [],
|
|
"commit_sha": "058ac7e1a7d732076da9d8a37baa66bcb67758d8",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2019-0005",
|
|
"package": "pancurses",
|
|
"title": "Format string vulnerabilities in `pancurses`",
|
|
"date": "2019-06-15",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2019-0006",
|
|
"package": "ncurses",
|
|
"title": "Buffer overflow and format vulnerabilities in functions exposed without unsafe",
|
|
"date": "2019-06-15",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2019-0007",
|
|
"package": "asn1_der",
|
|
"title": "Processing of maliciously crafted length fields causes memory allocation SIGABRTs",
|
|
"date": "2019-06-13",
|
|
"patched_versions": [
|
|
">= 0.6.2"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2019-0037",
|
|
"package": "pnet",
|
|
"title": "Compiler optimisation for next_with_timeout in pnet::transport::IcmpTransportChannelIterator flaws to SEGFAULT",
|
|
"date": "2019-06-11",
|
|
"patched_versions": [
|
|
">= 0.27.2"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2019-0003",
|
|
"package": "protobuf",
|
|
"title": "Out of Memory in stream::read_raw_bytes_into()",
|
|
"date": "2019-06-08",
|
|
"patched_versions": [
|
|
"^1.7.5",
|
|
">= 2.6.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2019-0009",
|
|
"package": "smallvec",
|
|
"title": "Double-free and use-after-free in SmallVec::grow()",
|
|
"date": "2019-06-06",
|
|
"patched_versions": [
|
|
">= 0.6.10"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2019-0015",
|
|
"package": "compact_arena",
|
|
"title": "Flaw in generativity allows out-of-bounds access",
|
|
"date": "2019-05-21",
|
|
"patched_versions": [
|
|
">= 0.4.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2019-0002",
|
|
"package": "slice-deque",
|
|
"title": "Bug in SliceDeque::move_head_unchecked corrupts its memory",
|
|
"date": "2019-05-07",
|
|
"patched_versions": [
|
|
">= 0.2.0"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2019-0039",
|
|
"package": "typemap",
|
|
"title": "typemap is Unmaintained",
|
|
"date": "2019-04-06",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2019-0038",
|
|
"package": "libpulse-binding",
|
|
"title": "Fix for UB in failure to catch panics crossing FFI boundaries",
|
|
"date": "2019-03-10",
|
|
"patched_versions": [
|
|
">= 2.6.0"
|
|
],
|
|
"commit_sha": "7fd282aef7787577c385aed88cb25d004b85f494",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2018-0012",
|
|
"package": "orion",
|
|
"title": "Flaw in streaming state reset() functions can create incorrect results.",
|
|
"date": "2018-12-20",
|
|
"patched_versions": [
|
|
">= 0.11.2"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2018-0011",
|
|
"package": "arrayfire",
|
|
"title": "Enum repr causing potential memory corruption",
|
|
"date": "2018-12-18",
|
|
"patched_versions": [
|
|
">= 3.6.0"
|
|
],
|
|
"commit_sha": "a5256f3e5e23b83eaad69699e0b04653aba04fb8",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2018-0009",
|
|
"package": "crossbeam",
|
|
"title": "MsQueue and SegQueue suffer from double-free",
|
|
"date": "2018-12-09",
|
|
"patched_versions": [
|
|
">= 0.4.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2018-0008",
|
|
"package": "slice-deque",
|
|
"title": "Bug in SliceDeque::move_head_unchecked allows read of corrupted memory",
|
|
"date": "2018-12-05",
|
|
"patched_versions": [
|
|
">= 0.1.16"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2018-0013",
|
|
"package": "safe-transmute",
|
|
"title": "Vec-to-vec transmutations could lead to heap overflow/corruption",
|
|
"date": "2018-11-27",
|
|
"patched_versions": [
|
|
">= 0.10.1"
|
|
],
|
|
"commit_sha": "a134e06d740f9d7c287f74c0af2cd06206774364",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2018-0015",
|
|
"package": "term",
|
|
"title": "term is looking for a new maintainer",
|
|
"date": "2018-11-19",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2018-0018",
|
|
"package": "smallvec",
|
|
"title": "smallvec creates uninitialized value of any type",
|
|
"date": "2018-09-25",
|
|
"patched_versions": [
|
|
">= 0.6.13"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2018-0006",
|
|
"package": "yaml-rust",
|
|
"title": "Uncontrolled recursion leads to abort in deserialization",
|
|
"date": "2018-09-17",
|
|
"patched_versions": [
|
|
">= 0.4.1"
|
|
],
|
|
"commit_sha": "7eb6b6afa9b1e3122f4a1ca06ec8390496eb3d57",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2018-0005",
|
|
"package": "serde_yaml",
|
|
"title": "Uncontrolled recursion leads to abort in deserialization",
|
|
"date": "2018-09-17",
|
|
"patched_versions": [
|
|
">= 0.8.4"
|
|
],
|
|
"commit_sha": "41d58237a733051603069d1249c549cc8b6dada0",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2018-0004",
|
|
"package": "claxon",
|
|
"title": "Malicious input could cause uninitialized memory to be exposed",
|
|
"date": "2018-08-25",
|
|
"patched_versions": [
|
|
"^0.3.2",
|
|
">= 0.4.1"
|
|
],
|
|
"commit_sha": "8f28ec275e412dd3af4f3cda460605512faf332c",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2018-0022",
|
|
"package": "temporary",
|
|
"title": "Use of uninitialized memory in temporary",
|
|
"date": "2018-08-22",
|
|
"patched_versions": [
|
|
">= 0.6.4"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2018-0014",
|
|
"package": "chan",
|
|
"title": "chan is end-of-life; use crossbeam-channel instead",
|
|
"date": "2018-07-31",
|
|
"patched_versions": [],
|
|
"commit_sha": "0a5c0d4ad4adc90a54ee04a427389acf2e157275",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2018-0003",
|
|
"package": "smallvec",
|
|
"title": "Possible double free during unwinding in SmallVec::insert_many",
|
|
"date": "2018-07-19",
|
|
"patched_versions": [
|
|
">= 0.6.3",
|
|
"^0.3.4",
|
|
"^0.4.5",
|
|
"^0.5.1"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2018-0016",
|
|
"package": "quickersort",
|
|
"title": "quickersort is deprecated and unmaintained",
|
|
"date": "2018-06-30",
|
|
"patched_versions": [],
|
|
"commit_sha": "0bc164366315801f0c6b31f4081b7df9fc894076",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2018-0002",
|
|
"package": "tar",
|
|
"title": "Links in archives can overwrite any existing file",
|
|
"date": "2018-06-29",
|
|
"patched_versions": [
|
|
">= 0.4.16"
|
|
],
|
|
"commit_sha": "54651a87ae6ba7d81fcc72ffdee2ea7eca2c7e85",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2018-0001",
|
|
"package": "untrusted",
|
|
"title": "An integer underflow could lead to panic",
|
|
"date": "2018-06-21",
|
|
"patched_versions": [
|
|
">= 0.6.2"
|
|
],
|
|
"commit_sha": "1cf31901e7220af96c05fcb505978757fdae4a77",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2018-0019",
|
|
"package": "actix-web",
|
|
"title": "Multiple memory safety issues",
|
|
"date": "2018-06-08",
|
|
"patched_versions": [
|
|
">= 0.7.15"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2018-0010",
|
|
"package": "openssl",
|
|
"title": "Use after free in CMS Signing",
|
|
"date": "2018-06-01",
|
|
"patched_versions": [
|
|
">= 0.10.9"
|
|
],
|
|
"commit_sha": "63afe3016c5c3e615dca2fd27a5ed09a4a025359",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2018-0017",
|
|
"package": "tempdir",
|
|
"title": "`tempdir` crate has been deprecated; use `tempfile` instead",
|
|
"date": "2018-02-13",
|
|
"patched_versions": [],
|
|
"commit_sha": "bad6689835d1e4a836cc7e936a270459f84520a2",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2017-0006",
|
|
"package": "rmpv",
|
|
"title": "Unchecked vector pre-allocation",
|
|
"date": "2017-11-21",
|
|
"patched_versions": [
|
|
">= 0.4.2"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2017-0008",
|
|
"package": "serial",
|
|
"title": "`serial` crate is unmaintained",
|
|
"date": "2017-07-02",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2017-0005",
|
|
"package": "cookie",
|
|
"title": "Large cookie Max-Age values can cause a denial of service",
|
|
"date": "2017-05-06",
|
|
"patched_versions": [
|
|
"< 0.6.0",
|
|
"^0.6.2",
|
|
">= 0.7.6"
|
|
],
|
|
"commit_sha": "958785422bbc7d683bce4b3f9a91318b0386310d",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2017-0004",
|
|
"package": "base64",
|
|
"title": "Integer overflow leads to heap-based buffer overflow in encode_config_buf",
|
|
"date": "2017-05-03",
|
|
"patched_versions": [
|
|
">= 0.5.2"
|
|
],
|
|
"commit_sha": "24ead980daf11ba563e4fb2516187a56a71ad319",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2017-0003",
|
|
"package": "security-framework",
|
|
"title": "Hostname verification skipped when custom root certs used",
|
|
"date": "2017-03-15",
|
|
"patched_versions": [
|
|
">= 0.1.12"
|
|
],
|
|
"commit_sha": "fec804cdb8d5e3cc5c78e0c7cb0317121d2b5dcf",
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2017-0001",
|
|
"package": "sodiumoxide",
|
|
"title": "scalarmult() vulnerable to degenerate public keys",
|
|
"date": "2017-01-26",
|
|
"patched_versions": [
|
|
">= 0.0.14"
|
|
],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2016-0006",
|
|
"package": "cassandra",
|
|
"title": "`cassandra` crate is unmaintained; use `cassandra-cpp` instead",
|
|
"date": "2016-12-15",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2016-0004",
|
|
"package": "libusb",
|
|
"title": "libusb is unmaintained; use rusb instead",
|
|
"date": "2016-09-10",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2016-0005",
|
|
"package": "rust-crypto",
|
|
"title": "rust-crypto is unmaintained; switch to a modern alternative",
|
|
"date": "2016-09-06",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
},
|
|
{
|
|
"advisory_id": "RUSTSEC-2016-0003",
|
|
"package": "portaudio",
|
|
"title": "HTTP download and execution allows MitM RCE",
|
|
"date": "2016-08-01",
|
|
"patched_versions": [],
|
|
"commit_sha": null,
|
|
"vulnerable_symbols": []
|
|
}
|
|
]
|
|
} |