apk package
wolfi/yara-x
pkg:apk/wolfi/yara-x
Vulnerabilities (22)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-53605 | Med | 5.9 | < 0.13.0-r2 | 0.13.0-r2 | Jul 5, 2025 | The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::coded_input_stream::CodedInputStream::skip_group parsing of unknown fields in untrusted input. | |
| CVE-2025-4574 | Med | 6.5 | < 0.14.0-r2 | 0.14.0-r2 | May 13, 2025 | In crossbeam-channel rust crate, the internal `Channel` type's `Drop` method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption. |
- affected < 0.13.0-r2fixed 0.13.0-r2
The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::coded_input_stream::CodedInputStream::skip_group parsing of unknown fields in untrusted input.
- affected < 0.14.0-r2fixed 0.14.0-r2
In crossbeam-channel rust crate, the internal `Channel` type's `Drop` method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption.
Page 2 of 2