Shnatsel

Name of the Vulnerable Software and Affected Versions: yaml-rust versions 0.4.0 and earlier Description: The issue is related to uncontrolled recursion, which can lead to a denial of service due to an impossible to catch abort. This occurs when the `YamlLoader::load from str` function is used to parse a malicious YAML document. Recommendations: For yaml-rust versions 0.4.0 and earlier, update to version 0.4.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `YamlLoader::load from str` function when parsing untrusted YAML documents.

**Name of the Vulnerable Software and Affected Versions** safe-transmute crate versions prior to 0.10.1 **Description** An issue was discovered in the safe-transmute crate where a constructor's arguments are in the wrong order, causing heap memory corruption. The affected versions of this crate switched the length and capacity arguments in the `Vec::from raw parts()` constructor, which could lead to memory corruption or data leakage. **Recommendations** For versions prior to 0.10.1, update to version 0.10.1 or later to fix the issue. As a temporary workaround, consider using the `Vec::from raw parts()` constructor correctly by ensuring the length and capacity arguments are in the correct order until a patch is available.