crates.io package
smallvec
pkg:cargo/smallvec
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-25023 | — | < 0.6.13 | 0.6.13 | Dec 26, 2021 | An issue was discovered in the smallvec crate before 0.6.13 for Rust. It can create an uninitialized value of any type, including a reference type. | ||
| CVE-2021-25900 | — | >= 0.6.3, < 0.6.14 | 0.6.14 | Jan 22, 2021 | An issue was discovered in the smallvec crate before 0.6.14 and 1.x before 1.6.1 for Rust. There is a heap-based buffer overflow in SmallVec::insert_many. | ||
| CVE-2019-15551 | — | >= 0.6.5, < 0.6.10 | 0.6.10 | Aug 26, 2019 | An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is a double free for certain grow attempts with the current capacity. | ||
| CVE-2019-15554 | — | >= 0.6.3, < 0.6.10 | 0.6.10 | Aug 26, 2019 | An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is memory corruption for certain grow attempts with less than the current capacity. | ||
| CVE-2018-20991 | — | >= 0.3.2, < 0.6.3 | 0.6.3 | Aug 26, 2019 | An issue was discovered in the smallvec crate before 0.6.3 for Rust. The Iterator implementation mishandles destructors, leading to a double free. |
- CVE-2018-25023Dec 26, 2021affected < 0.6.13fixed 0.6.13
An issue was discovered in the smallvec crate before 0.6.13 for Rust. It can create an uninitialized value of any type, including a reference type.
- CVE-2021-25900Jan 22, 2021affected >= 0.6.3, < 0.6.14fixed 0.6.14
An issue was discovered in the smallvec crate before 0.6.14 and 1.x before 1.6.1 for Rust. There is a heap-based buffer overflow in SmallVec::insert_many.
- CVE-2019-15551Aug 26, 2019affected >= 0.6.5, < 0.6.10fixed 0.6.10
An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is a double free for certain grow attempts with the current capacity.
- CVE-2019-15554Aug 26, 2019affected >= 0.6.3, < 0.6.10fixed 0.6.10
An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is memory corruption for certain grow attempts with less than the current capacity.
- CVE-2018-20991Aug 26, 2019affected >= 0.3.2, < 0.6.3fixed 0.6.3
An issue was discovered in the smallvec crate before 0.6.3 for Rust. The Iterator implementation mishandles destructors, leading to a double free.