Path to dependency file: /third_party/rust_crates/tiny_mirrors/rustls/Cargo.toml
Path to vulnerable library: /third_party/rust_crates/tiny_mirrors/rustls/Cargo.toml,/third_party/rust_crates/Cargo.toml,/third_party/rust_crates/vendor/crossbeam-epoch-0.8.2/Cargo.toml
WS-2023-0196 - Critical Severity Vulnerability
memoffset-0.6.1.crate
offset_of functionality for Rust structs.
Library home page: https://crates.io/api/v1/crates/memoffset/0.6.1/download
Path to dependency file: /third_party/rust_crates/vendor/handlebars/Cargo.toml
Path to vulnerable library: /third_party/rust_crates/vendor/handlebars/Cargo.toml
Dependency Hierarchy: - criterion-0.3.4.crate (Root Library) - rayon-1.5.0.crate - rayon-core-1.9.0.crate - crossbeam-deque-0.8.0.crate - crossbeam-epoch-0.9.3.crate - :x: **memoffset-0.6.1.crate** (Vulnerable Library)
memoffset-0.5.4.crate
offset_of functionality for Rust structs.
Library home page: https://crates.io/api/v1/crates/memoffset/0.5.4/download
Path to dependency file: /third_party/rust_crates/vendor/flate2/Cargo.toml
Path to vulnerable library: /third_party/rust_crates/vendor/flate2/Cargo.toml
Dependency Hierarchy: - tokio-threadpool-0.1.18.crate (Root Library) - crossbeam-deque-0.7.3.crate - crossbeam-epoch-0.8.2.crate - :x: **memoffset-0.5.4.crate** (Vulnerable Library)
memoffset-0.5.3.crate
offset_of functionality for Rust structs.
Library home page: https://crates.io/api/v1/crates/memoffset/0.5.3/download
Path to dependency file: /third_party/rust_crates/tiny_mirrors/rustls/Cargo.toml
Path to vulnerable library: /third_party/rust_crates/tiny_mirrors/rustls/Cargo.toml,/third_party/rust_crates/Cargo.toml,/third_party/rust_crates/vendor/crossbeam-epoch-0.8.2/Cargo.toml
Dependency Hierarchy: - :x: **memoffset-0.5.3.crate** (Vulnerable Library)
memoffset-0.2.1.crate
offset_of functionality for Rust structs.
Library home page: https://crates.io/api/v1/crates/memoffset/0.2.1/download
Path to dependency file: /third_party/rust_crates/vendor/base64-0.11.0/Cargo.toml
Path to vulnerable library: /third_party/rust_crates/vendor/base64-0.11.0/Cargo.toml
Dependency Hierarchy: - criterion-0.3.0.crate (Root Library) - rayon-1.1.0.crate - crossbeam-deque-0.6.3.crate - crossbeam-epoch-0.7.1.crate - :x: **memoffset-0.2.1.crate** (Vulnerable Library)
memoffset-0.5.1.crate
offset_of functionality for Rust structs.
Library home page: https://crates.io/api/v1/crates/memoffset/0.5.1/download
Path to dependency file: /third_party/rust_crates/vendor/pulldown-cmark/Cargo.toml
Path to vulnerable library: /third_party/rust_crates/vendor/pulldown-cmark/Cargo.toml
Dependency Hierarchy: - criterion-0.3.0.crate (Root Library) - rayon-1.2.0.crate - crossbeam-deque-0.7.1.crate - crossbeam-epoch-0.7.2.crate - :x: **memoffset-0.5.1.crate** (Vulnerable Library)
memoffset-0.5.5.crate
offset_of functionality for Rust structs.
Library home page: https://crates.io/api/v1/crates/memoffset/0.5.5/download
Path to dependency file: /third_party/rust_crates/vendor/base64/Cargo.toml
Path to vulnerable library: /third_party/rust_crates/vendor/base64/Cargo.toml
Dependency Hierarchy: - criterion-0.3.2.crate (Root Library) - rayon-1.3.1.crate - rayon-core-1.7.1.crate - crossbeam-deque-0.7.3.crate - crossbeam-epoch-0.8.2.crate - :x: **memoffset-0.5.5.crate** (Vulnerable Library)
Found in HEAD commit: 4ec0c406a28f193fe6e7376ee7696cca0532d4ba
Found in base branch: master
memoffset allows reading uninitialized memory
Publish Date: 2024-11-03
URL: WS-2023-0196
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://github.com/advisories/GHSA-wfg4-322g-9vqv
Release Date: 2023-06-22
Fix Resolution: memoffset - 0.6.2
Step up your Open Source Security Game with Mend here