Servo: Security Vulnerabilities
Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-05-30
An issue was discovered in the smallvec crate before 0.6.13 for Rust. It can create an uninitialized value of any type, including a reference type.
CVSS Score
7.5
EPSS Score
0.002
Published
2021-12-27
An issue was discovered in the smallvec crate before 0.6.14 and 1.x before 1.6.1 for Rust. There is a heap-based buffer overflow in SmallVec::insert_many.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-01-26
An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is a double free for certain grow attempts with the current capacity.
CVSS Score
9.8
EPSS Score
0.004
Published
2019-08-26
An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is memory corruption for certain grow attempts with less than the current capacity.
CVSS Score
9.8
EPSS Score
0.004
Published
2019-08-26
An issue was discovered in the smallvec crate before 0.6.3 for Rust. The Iterator implementation mishandles destructors, leading to a double free.
CVSS Score
9.8
EPSS Score
0.004
Published
2019-08-26