MidnightBSD

Advisories for servo

CVE-2018-20991 HIGH

An issue was discovered in the smallvec crate before 0.6.3 for Rust. The Iterator implementation mishandles destructors, leading to a double free.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-415,

Products Affected

Vendor Product Version
servo smallvec *
CVE-2018-25023 MEDIUM

An issue was discovered in the smallvec crate before 0.6.13 for Rust. It can create an uninitialized value of any type, including a reference type.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-908,

Products Affected

Vendor Product Version
servo smallvec *
CVE-2019-15551 HIGH

An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is a double free for certain grow attempts with the current capacity.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-415,

Products Affected

Vendor Product Version
servo smallvec *
CVE-2019-15554 HIGH

An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is memory corruption for certain grow attempts with less than the current capacity.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
servo smallvec *
CVE-2021-25900 HIGH

An issue was discovered in the smallvec crate before 0.6.14 and 1.x before 1.6.1 for Rust. There is a heap-based buffer overflow in SmallVec::insert_many.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
servo smallvec *
CVE-2024-12224

Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
servo idna *