GitHub

An issue was discovered in the reffers crate through 2020-12-01 for Rust. ARefss can contain a !Send,!Sync object, leading to a data race and memory corruption.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-36203
https://github.com/diwic/reffer…

An issue was discovered in the im crate prior to 15.1.0 for Rust. Because TreeFocus does not have bounds on its Send trait or Sync trait, a data race can occur.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-36204
https://github.com/bodil/im-rs/…

An issue was discovered in the xcb crate through 2020-12-10 for Rust. base::Error does not have soundness. Because of the public ptr field, a use-after-free or double-free can occur.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-36205
https://g…

The socket2 crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply casted the pointers to convert the socket addresses to the system representation. The sta…

An issue was discovered in the miow crate before 0.3.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-35921
https://github.com/yoshuawuyts/miow/issues/38
h…

An issue was discovered in the ordered-float crate before 1.1.1 and 2.x before 2.0.1 for Rust. After using an assignment operators such as NotNan::add_assign, NotNan::mul_assign, etc., it was possible for the resulting NotNan value to contain a NaN. Th…

An issue was discovered in the image crate before 0.23.12 for Rust. A Mutable reference has immutable provenance. (In the case of LLVM, the IR may be always correct.)
References

https://nvd.nist.gov/vuln/detail/CVE-2020-35916
https://github.com/image-…

An issue was discovered in the internment crate through 2020-05-28 for Rust. ArcIntern::drop has a race condition and resultant use-after-free.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-35874
https://github.com/droundy/internment/issues/11
…

An issue was discovered in the flatbuffers crate before 0.6.1 for Rust. Arbitrary bytes can be reinterpreted as a bool, defeating soundness.
References

https://nvd.nist.gov/vuln/detail/CVE-2019-25004
https://github.com/google/flatbuffers/issues/5530
h…

An issue was discovered in the http crate before 0.1.20 for Rust. The HeaderMap::Drain API can use a raw pointer, defeating soundness.
References

https://nvd.nist.gov/vuln/detail/CVE-2019-25009
https://rustsec.org/advisories/RUSTSEC-2019-0034.html
htt…