Month: August 2021

ディスプレイのサイズ以外に、AppleがMacBook Proの各モデルで差別化していたのは搭載され…

Impact
Affected versions of this crate violated alignment when casting byte slices to integer slices, resulting in undefined behavior. rand_core::BlockRng::next_u64 and rand_core::BlockRng::fill_bytes are affected.
Patches
The flaw was corrected by Ral…

An issue was discovered in the rand_core crate before 0.6.2 for Rust. Because read_u32_into and read_u64_into mishandle certain buffer-length checks, a random number generator may be seeded with too little data. The vulnerability was introduced in v0.6…

An issue was discovered in the im crate prior to 15.1.0 for Rust. Because TreeFocus does not have bounds on its Send trait or Sync trait, a data race can occur.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-36204
https://github.com/bodil/im-rs/…

An issue was discovered in the miow crate before 0.3.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-35921
https://github.com/yoshuawuyts/miow/issues/38
h…

An issue was discovered in the ordered-float crate before 1.1.1 and 2.x before 2.0.1 for Rust. After using an assignment operators such as NotNan::add_assign, NotNan::mul_assign, etc., it was possible for the resulting NotNan value to contain a NaN. Th…

An issue was discovered in the sodiumoxide crate before 0.2.5 for Rust. generichash::Digest::eq compares itself to itself and thus has degenerate security properties.
References

https://nvd.nist.gov/vuln/detail/CVE-2019-25002
https://github.com/sodium…

ポリ・ネットワークから約6億ドル(約660億円)もの暗号通貨が流出したとの報道があった※1。ハッキン…