crates.io package
raw-cpuid
pkg:cargo/raw-cpuid
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-45687 | — | >= 3.1.0, < 9.1.1 | 9.1.1 | Dec 26, 2021 | An issue was discovered in the raw-cpuid crate before 9.1.1 for Rust. If the serialize feature is used (which is not the the default), a Deserialize operation may lack sufficient validation, leading to memory corruption or a panic. | ||
| CVE-2021-26306 | — | < 9.0.0 | 9.0.0 | Jan 29, 2021 | An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It has unsound transmute calls within as_string() methods. | ||
| CVE-2021-26307 | — | < 9.0.0 | 9.0.0 | Jan 29, 2021 | An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It allows __cpuid_count() calls even if the processor does not support the CPUID instruction, which is unsound and causes a deterministic crash. |
- CVE-2021-45687Dec 26, 2021affected >= 3.1.0, < 9.1.1fixed 9.1.1
An issue was discovered in the raw-cpuid crate before 9.1.1 for Rust. If the serialize feature is used (which is not the the default), a Deserialize operation may lack sufficient validation, leading to memory corruption or a panic.
- CVE-2021-26306Jan 29, 2021affected < 9.0.0fixed 9.0.0
An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It has unsound transmute calls within as_string() methods.
- CVE-2021-26307Jan 29, 2021affected < 9.0.0fixed 9.0.0
An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It allows __cpuid_count() calls even if the processor does not support the CPUID instruction, which is unsound and causes a deterministic crash.