diff --git a/crates/cassandra-cpp/RUSTSEC-2024-0017.md b/crates/cassandra-cpp/RUSTSEC-2024-0017.md
index 0ee54ec5..bdd36be8 100644
--- a/crates/cassandra-cpp/RUSTSEC-2024-0017.md
+++ b/crates/cassandra-cpp/RUSTSEC-2024-0017.md
@@ -7,11 +7,12 @@ url = "https://github.com/Metaswitch/cassandra-rs/security/advisories/GHSA-x9xc-
 informational = "unsound"
 categories = ["memory-corruption", "memory-exposure"]
 keywords = ["memory-safety", "use-after-free"]
-aliases = ["GHSA-x9xc-63hg-vcfq"]
+aliases = ["CVE-2024-27284", "GHSA-x9xc-63hg-vcfq"]
 [versions]
 patched = [">= 3.0.0"]
 ```
+
 # Non-idiomatic use of iterators leads to use after free
 Code that attempts to use an item (e.g., a row) returned by an iterator after the iterator has advanced to the next item will be accessing freed memory and experience undefined behaviour. Code that uses the item and then advances the iterator is unaffected. This problem has always existed.
diff --git a/crates/crayon/RUSTSEC-2024-0018.md b/crates/crayon/RUSTSEC-2024-0018.md
index 271e65aa..1bbf8e1e 100644
--- a/crates/crayon/RUSTSEC-2024-0018.md
+++ b/crates/crayon/RUSTSEC-2024-0018.md
@@ -6,6 +6,7 @@ date = "2024-02-27"
 url = "https://github.com/shawnscode/crayon/issues/109"
 categories = ["memory-corruption"]
 keywords = ["std::mem::uninitialized", "address-sanitizer"]
+aliases = ["GHSA-xfhw-6mc4-mgxf"]
 [versions]
 patched = []
diff --git a/crates/eyre/RUSTSEC-2024-0021.md b/crates/eyre/RUSTSEC-2024-0021.md
index 7353ae60..dc75efd4 100644
--- a/crates/eyre/RUSTSEC-2024-0021.md
+++ b/crates/eyre/RUSTSEC-2024-0021.md
@@ -5,6 +5,7 @@ package = "eyre"
 date = "2024-03-05"
 url = "https://github.com/eyre-rs/eyre/issues/141"
 categories = ["memory-corruption"]
+aliases = ["GHSA-4v52-7q2x-v4xj"]
 [versions]
 patched = [">= 0.6.12"]
diff --git a/crates/h2/RUSTSEC-2024-0332.md b/crates/h2/RUSTSEC-2024-0332.md
index 27720e70..3243ad73 100644
--- a/crates/h2/RUSTSEC-2024-0332.md
+++ b/crates/h2/RUSTSEC-2024-0332.md
@@ -6,6 +6,7 @@ date = "2024-04-03"
 references = ["https://seanmonstar.com/blog/hyper-http2-continuation-flood/"]
 categories = ["denial-of-service"]
 keywords = ["http", "http2", "h2"]
+aliases = ["GHSA-q6cp-qfwq-4gcv"]
 [versions]
 patched = ["^0.3.26", ">= 0.4.4"]
diff --git a/crates/hpack/RUSTSEC-2023-0085.md b/crates/hpack/RUSTSEC-2023-0085.md
index c91b870a..ac062642 100644
--- a/crates/hpack/RUSTSEC-2023-0085.md
+++ b/crates/hpack/RUSTSEC-2023-0085.md
@@ -6,6 +6,7 @@ date = "2023-09-15"
 url = "https://github.com/mlalic/hpack-rs/issues/11"
 categories = ["denial-of-service"]
 references = ["https://github.com/sno2/hpack-rs-patched/commit/d669282924a95311599e9e7dd53869ee96b3a2f5"]
+aliases = ["GHSA-w7hm-hmxv-pvhf"]
 [versions]
 patched = []
diff --git a/crates/libdav1d-sys/RUSTSEC-2024-0016.md b/crates/libdav1d-sys/RUSTSEC-2024-0016.md
index a0ad4555..06f03099 100644
--- a/crates/libdav1d-sys/RUSTSEC-2024-0016.md
+++ b/crates/libdav1d-sys/RUSTSEC-2024-0016.md
@@ -6,6 +6,7 @@ date = "2024-02-19"
 url = "https://www.cvedetails.com/cve/CVE-2024-1580/"
 categories = ["memory-corruption"]
 keywords = ["integer-overflow"]
+aliases = ["GHSA-mc39-h54g-pvw6"]
 [affected]
 [versions]
diff --git a/crates/transpose/RUSTSEC-2023-0080.md b/crates/transpose/RUSTSEC-2023-0080.md
index 63d92ae6..79608c0c 100644
--- a/crates/transpose/RUSTSEC-2023-0080.md
+++ b/crates/transpose/RUSTSEC-2023-0080.md
@@ -5,6 +5,7 @@ package = "transpose"
 date = "2023-12-18"
 url = "https://github.com/ejmahler/transpose/issues/11"
 categories = ["memory-corruption"]
+aliases = ["GHSA-5gmm-6m36-r7jh"]
 [versions]
 patched = [">= 0.2.3"]
diff --git a/crates/whoami/RUSTSEC-2024-0020.md b/crates/whoami/RUSTSEC-2024-0020.md
index 3ea1d0e7..fba0d6f9 100644
--- a/crates/whoami/RUSTSEC-2024-0020.md
+++ b/crates/whoami/RUSTSEC-2024-0020.md
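Review bot: In the libdav1d-sys hunk (RUSTSEC-2024-0016.md), the added `aliases` line carries only the GHSA id, although the `url` context line three lines above it points at CVE-2024-1580. Tools that correlate or de-duplicate advisories by CVE id will not link this record to that CVE, so the same issue can be reported twice or an existing suppression can fail to match. If the GHSA entry does map to that CVE (not verifiable from the hunk), the line should read `aliases = ["CVE-2024-1580", "GHSA-mc39-h54g-pvw6"]`, matching the CVE-then-GHSA order used in the cassandra-cpp hunk. The `[advisory]` table starts outside the hunk, so any alias declared elsewhere in the file is not visible here.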
@@ -6,6 +6,7 @@ date = "2024-02-28"
 url = "https://github.com/ardaku/whoami/issues/91"
 categories = ["denial-of-service", "memory-corruption"]
 keywords = ["buffer-overflow", "stack-buffer-overflow", "cwe-121"]
+aliases = ["GHSA-w5w5-8vfh-xcjq"]
 [affected]
 # Other Unix OSes that aren't Linux or macOS are affected as well.