Critical severityNVD Advisory· Published Jan 22, 2021· Updated Aug 3, 2024
CVE-2021-25900
CVE-2021-25900
Description
An issue was discovered in the smallvec crate before 0.6.14 and 1.x before 1.6.1 for Rust. There is a heap-based buffer overflow in SmallVec::insert_many.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
smallveccrates.io | >= 0.6.3, < 0.6.14 | 0.6.14 |
smallveccrates.io | >= 1.0.0, < 1.6.1 | 1.6.1 |
Affected products
5- Rust/smallvecdescription
- ghsa-coords4 versionspkg:cargo/smallvecpkg:rpm/opensuse/librsvg&distro=openSUSE%20Leap%2015.2pkg:rpm/suse/librsvg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/librsvg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP2
>= 0.6.3, < 0.6.14+ 3 more
- (no CPE)range: >= 0.6.3, < 0.6.14
- (no CPE)range: < 2.46.5-lp152.2.3.1
- (no CPE)range: < 2.46.5-3.3.1
- (no CPE)range: < 2.46.5-3.3.1
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-43w2-9j62-hq99ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-25900ghsaADVISORY
- github.com/servo/rust-smallvec/commit/5757ac500d4e544485d796b542e4e589749c291bghsaWEB
- github.com/servo/rust-smallvec/commit/9998ba0694a6b51aa6604748b00b6a98f0a0039eghsaWEB
- github.com/servo/rust-smallvec/issues/252ghsaWEB
- rustsec.org/advisories/RUSTSEC-2021-0003.htmlghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.