Showing 1 - 2 of 2

CVE-2020-15254

Status Candidate

Overview

Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that `Vec::from_iter` has allocated capacity that same as the number of iterator elements. `Vec::from_iter` does not actually guarantee that and may allocate extra memory. The destructor of the `bounded` channel reconstructs `Vec` from the raw pointer based on the incorrect assumes described above. This is unsound and causing deallocation with the incorrect capacity when `Vec::from_iter` has allocated different sizes with the number of iterator elements. This has been fixed in crossbeam-channel 0.4.4.

Related Files

Ubuntu Security Notice USN-4599-2: Posted Oct 27, 2020; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 4599-2 - USN-4599-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubuntu 16.04 LTS. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the prompt for opening an external application, obtain sensitive information, or execute arbitrary code. Various other issues were also addressed.; tags | advisory, denial of service, arbitrary, spoof, vulnerability; systems | linux, ubuntu; advisories | CVE-2020-15254, CVE-2020-15683; SHA-256 | 0cb7b1c8febb53988764a40fd3798cde7e434f570858b4ba17b00096c4cf59af; Download | Favorite | View

Ubuntu Security Notice USN-4599-1: Posted Oct 23, 2020; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 4599-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the prompt for opening an external application, obtain sensitive information, or execute arbitrary code.; tags | advisory, denial of service, arbitrary, spoof; systems | linux, ubuntu; advisories | CVE-2020-15254, CVE-2020-15683; SHA-256 | 92f166b6bed6ff50c6b8dfd658daac52698070ae91fda1ca0ccf131a7a8c0293; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 252 files
Ubuntu 107 files
indoushka 20 files
Debian 19 files
Gentoo 14 files
Google Security Research 13 files
CraCkEr 11 files
Mirabbas Agalarov 9 files
nu11secur1ty 8 files
Apple 8 files

File Archives

Systems

AIX (428)
Apple (1,979)
BSD (373)
CentOS (57)
Cisco (1,920)
Debian (6,754)
Fedora (1,691)
FreeBSD (1,244)
Gentoo (4,321)
HPUX (879)
iOS (344)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (45,838)
Mac OS X (685)
Mandriva (3,105)
NetBSD (256)
OpenBSD (482)
RedHat (13,356)
Slackware (941)
Solaris (1,610)
SUSE (1,444)
Ubuntu (8,642)
UNIX (9,244)
UnixWare (186)
Windows (6,555)
Other

CVE-2020-15254

Overview

Related Files

File Archive:

June 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems