Impact
Affected versions of lettre allowed argument injection to the sendmail command. It was possible, using forged to addresses, to pass arbitrary arguments to the sendmail executable.
Depending on the implementation (original sendmail, postfix, exim…
[ark-r1cs-std] Calculation error in ark-r1cs-std
An issue was discovered in the ark-r1cs-std crate before 0.3.1 for Rust. It does not enforce any constraints in the FieldVar::mul_by_inverse method. Thus, a prover can produce a proof that is unsound but is nonetheless verified.
References
https://nvd…
[prost-types] Overflow in prost-types
An issue was discovered in the prost-types crate before 0.8.0 for Rust. An overflow can occur during conversion from Timestamp to SystemTime.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-38192
https://github.com/tokio-rs/prost/issues/438
https…
[tokio] Race condition in tokio
An issue was discovered in the tokio crate before 1.8.1 for Rust. Upon a JoinHandle::abort, a Task may be dropped in the wrong thread.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-38191
https://github.com/tokio-rs/tokio/issues/3929
https://raw…
[iced-x86] Incorrect buffer size calculation in iced-x86
An issue was discovered in the iced-x86 crate through 1.10.3 for Rust. In Decoder::new(), slice.get_unchecked(slice.length()) is used unsafely.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-38188
https://github.com/icedland/iced/issues/168
http…
[xcb] Multiple soundness issues
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because bytes from an X server can be interpreted as any data type returned by xcb::xproto::GetPropertyReply::value.
References
https://nvd.nist.gov/vul…
[xcb] Unchecked Return Value in xcb
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because xcb::xproto::GetAtomNameReply::name() calls std::str::from_utf8_unchecked() on unvalidated bytes from an X server.
References
https://nvd.nist.g…
[xcb] Out of bounds read in xcb
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because there is an out-of-bounds read in xcb::xproto::change_property(), as demonstrated by a format=32 T=u8 situation where out-of-bounds bytes are sen…
[xcb] Unchecked Return Value in xcb
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because transmutation to the wrong type can happen after xcb::base::cast_event uses std::mem::transmute to return a reference to an arbitrary type.
Refer…
[rand_core] Incorrect check on buffer length in rand_core
An issue was discovered in the rand_core crate before 0.6.2 for Rust. Because read_u32_into and read_u64_into mishandle certain buffer-length checks, a random number generator may be seeded with too little data. The vulnerability was introduced in v0.6…