Evan Richter

**Name of the Vulnerable Software and Affected Versions** linked list allocator versions prior to 0.10.2 **Description** The heap initialization methods in linked list allocator were missing a minimum size check for the given heap size argument, which could lead to out-of-bound writes when a heap was initialized with a size smaller than `3 * size of::<usize>`. This issue affects all initialization functions on the `Heap` and `LockedHeap` types, including `Heap::new`, `Heap::init`, `Heap::init from slice`, and `LockedHeap::new`, as well as multiple uses of the `Heap::extend` method. **Recommendations** To resolve the issue, upgrade to version 0.10.2 or later. As a temporary workaround, ensure that the heap is only initialized with a size larger than `3 * size of::<usize>` and that the `Heap::extend` method is only called with sizes larger than `2 * size of::<usize>()`. Also, ensure that the total heap size is (and stays) a multiple of `2 * size of::<usize>()`.

**Name of the Vulnerable Software and Affected Versions** Apache Avro Rust SDK versions prior to 0.14.0 **Description** It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications. **Recommendations** For versions prior to 0.14.0, update to apache-avro version 0.14.0 to address this issue. As a temporary workaround, consider restricting the input data to prevent endless loops until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Apache Avro Rust SDK versions prior to 0.14.0 **Description** The issue allows a Reader to consume memory beyond the allowed constraints, leading to out of memory on the system. This affects Rust applications using the Apache Avro Rust SDK. **Recommendations** For versions prior to 0.14.0, update to apache-avro version 0.14.0 to address this issue.

**Name of the Vulnerable Software and Affected Versions** Apache Avro Rust SDK versions prior to 0.14.0 **Description** It is possible to crash an application by providing corrupted data to be read. This issue affects Rust applications using the Apache Avro Rust SDK. **Recommendations** For versions prior to 0.14.0, update to apache-avro version 0.14.0 to address this issue.

[Content removed]

**Name of the Vulnerable Software and Affected Versions** rulex versions prior to 0.4.3 **Description** When parsing untrusted rulex expressions, rulex may crash, possibly enabling a Denial of Service attack. This happens when the expression contains a multi-byte UTF-8 code point in a string literal or after a backslash, because rulex tries to slice into the code point and panics as a result. This is a security concern for services that parse untrusted rulex expressions and become unavailable when the thread running rulex panics. **Recommendations** Update to version 0.4.3 to fix the issue. As a temporary workaround, consider using `catch unwind` to recover from panics or assume that regular expression parsing will panic and add logic to catch panics.