CVE-2019-25008

An issue was discovered in the http crate before 0.1.20 for Rust. HeaderMap::reserve() has an integer overflow that allows attackers to cause a denial of service.

Source: CVE-2019-25008

CVE-2020-35860

An issue was discovered in the cbox crate through 2020-03-19 for Rust. The CBox API allows dereferencing raw pointers without a requirement for unsafe code.

Source: CVE-2020-35860

CVE-2019-25007

An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can cause a panic.

Source: CVE-2019-25007

CVE-2019-25006

An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can produce the wrong answer.

Source: CVE-2019-25006

CVE-2019-25001

An issue was discovered in the serde_cbor crate before 0.10.2 for Rust. The CBOR deserializer can cause stack consumption via nested semantic tags.

Source: CVE-2019-25001

CVE-2020-35858

An issue was discovered in the prost crate before 0.6.1 for Rust. There is stack consumption via a crafted message, causing a denial of service (e.g., x86) or possibly remote code execution (e.g., ARM).

Source: CVE-2020-35858

CVE-2019-25005

An issue was discovered in the chacha20 crate before 0.2.3 for Rust. A ChaCha20 counter overflow makes it easier for attackers to determine plaintext.

Source: CVE-2019-25005

CVE-2019-25002

An issue was discovered in the sodiumoxide crate before 0.2.5 for Rust. generichash::Digest::eq compares itself to itself and thus has degenerate security properties.

Source: CVE-2019-25002

CVE-2020-35857

An issue was discovered in the trust-dns-server crate before 0.18.1 for Rust. DNS MX and SRV null targets are mishandled, causing stack consumption.

Source: CVE-2020-35857

CVE-2020-35861

An issue was discovered in the bumpalo crate before 3.2.1 for Rust. The realloc feature allows the reading of unknown memory. Attackers can potentially read cryptographic keys.

Source: CVE-2020-35861