|
198151
|
9.8 |
CRITICAL
Network
|
bitvec_project
|
bitvec
|
An issue was discovered in the bitvec crate before 0.17.4 for Rust. BitVec to BitBox conversion leads to a use-after-free or double free.
|
CWE-415
CWE-416
Double Free
Use After Free
|
CVE-2020-35862
|
2024-11-21 14:28 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198152
|
7.5 |
HIGH
Network
|
bumpalo_project
|
bumpalo
|
An issue was discovered in the bumpalo crate before 3.2.1 for Rust. The realloc feature allows the reading of unknown memory. Attackers can potentially read cryptographic keys.
|
CWE-125
Out-of-bounds Read
|
CVE-2020-35861
|
2024-11-21 14:28 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198153
|
9.8 |
CRITICAL
Network
|
cbox_project
|
cbox
|
An issue was discovered in the cbox crate through 2020-03-19 for Rust. The CBox API allows dereferencing raw pointers without a requirement for unsafe code.
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-35860
|
2024-11-21 14:28 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198154
|
9.1 |
CRITICAL
Network
|
lucet-runtime-internals_project
|
lucet-runtime-internals
|
An issue was discovered in the lucet-runtime-internals crate before 0.5.1 for Rust. It mishandles sigstack allocation. Guest programs may be able to obtain sensitive information, or guest programs ca…
|
CWE-125
CWE-787
Out-of-bounds Read
Out-of-bounds Write
|
CVE-2020-35859
|
2024-11-21 14:28 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198155
|
9.8 |
CRITICAL
Network
|
prost_project
|
prost
|
An issue was discovered in the prost crate before 0.6.1 for Rust. There is stack consumption via a crafted message, causing a denial of service (e.g., x86) or possibly remote code execution (e.g., AR…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-35858
|
2024-11-21 14:28 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198156
|
7.5 |
HIGH
Network
|
trust-dns-server_project
|
trust-dns-server
|
An issue was discovered in the trust-dns-server crate before 0.18.1 for Rust. DNS MX and SRV null targets are mishandled, causing stack consumption.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-35857
|
2024-11-21 14:28 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198157
|
4.7 |
MEDIUM
Local
|
concread_project
|
concread
|
An issue was discovered in the concread crate before 0.2.6 for Rust. Attackers can cause an ARCache<K,V> data race by sending types that do not implement Send/Sync.
|
CWE-362
Race Condition
|
CVE-2020-35928
|
2024-11-21 14:28 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198158
|
5.5 |
MEDIUM
Local
|
thex_project
|
thex
|
An issue was discovered in the thex crate through 2020-12-08 for Rust. Thex<T> allows cross-thread data races of non-Send types.
|
NVD-CWE-noinfo
|
CVE-2020-35927
|
2024-11-21 14:28 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198159
|
9.8 |
CRITICAL
Network
|
nanorand_project
|
nanorand
|
An issue was discovered in the nanorand crate before 0.5.1 for Rust. It caused any random number generator (even ChaCha) to return all zeroes because integer truncation was mishandled.
|
CWE-330
CWE-681
Use of Insufficiently Random Values
Incorrect Conversion between Numeric Types
|
CVE-2020-35926
|
2024-11-21 14:28 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198160
|
5.5 |
MEDIUM
Local
|
magnetic_project
|
magnetic
|
An issue was discovered in the magnetic crate before 2.0.1 for Rust. MPMCConsumer and MPMCProducer allow cross-thread sending of a non-Send type.
|
NVD-CWE-noinfo
|
CVE-2020-35925
|
2024-11-21 14:28 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
