The socket2 crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply casted the pointers to convert the socket addresses to the system representation. The sta…
[miow] miow invalidly assumes the memory layout of std::net::SocketAddr
An issue was discovered in the miow crate before 0.3.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation.
References
https://nvd.nist.gov/vuln/detail/CVE-2020-35921
https://github.com/yoshuawuyts/miow/issues/38
h…
[ordered-float] ordered_float:NotNan may contain NaN after panic in assignment operators
An issue was discovered in the ordered-float crate before 1.1.1 and 2.x before 2.0.1 for Rust. After using an assignment operators such as NotNan::add_assign, NotNan::mul_assign, etc., it was possible for the resulting NotNan value to contain a NaN. Th…
[image] Mutable reference with immutable provenance in image
An issue was discovered in the image crate before 0.23.12 for Rust. A Mutable reference has immutable provenance. (In the case of LLVM, the IR may be always correct.)
References
https://nvd.nist.gov/vuln/detail/CVE-2020-35916
https://github.com/image-…
[internment] Use after free in internment
An issue was discovered in the internment crate through 2020-05-28 for Rust. ArcIntern::drop has a race condition and resultant use-after-free.
References
https://nvd.nist.gov/vuln/detail/CVE-2020-35874
https://github.com/droundy/internment/issues/11
…
[flatbuffers] Unsound casting in flatbuffers
An issue was discovered in the flatbuffers crate before 0.6.1 for Rust. Arbitrary bytes can be reinterpreted as a bool, defeating soundness.
References
https://nvd.nist.gov/vuln/detail/CVE-2019-25004
https://github.com/google/flatbuffers/issues/5530
h…
[http] Double free in http
An issue was discovered in the http crate before 0.1.20 for Rust. The HeaderMap::Drain API can use a raw pointer, defeating soundness.
References
https://nvd.nist.gov/vuln/detail/CVE-2019-25009
https://rustsec.org/advisories/RUSTSEC-2019-0034.html
htt…
[sodiumoxide] Incorrect Comparison in sodiumoxide
An issue was discovered in the sodiumoxide crate before 0.2.5 for Rust. generichash::Digest::eq compares itself to itself and thus has degenerate security properties.
References
https://nvd.nist.gov/vuln/detail/CVE-2019-25002
https://github.com/sodium…
[tflite] Null pointer dereference in TFLite MLIR optimizations
Impact
An attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service:
This is caused by the MLIR optimization of L2NormalizeReduceAxis operator. The implementation unconditionall…
暗号通貨が流出した分散型金融(DeFi)のポリ・ネットワークとは何か?
ポリ・ネットワークから約6億ドル(約660億円)もの暗号通貨が流出したとの報道があった※1。ハッキン…