Ksj1230

**Name of the Vulnerable Software and Affected Versions** smallbitvec (affected versions not specified) **Description** An integer overflow occurs during the internal capacity calculation within the `buffer len(cap)` function. When the `cap` variable is close to `usize::MAX`, unchecked arithmetic causes the value to wrap around in release builds, leading to an undersized heap allocation. This creates a discrepancy where internal metadata reflects a larger size than the actual allocated buffer. Consequently, safe API calls such as `set`, `push`, and `reserve` perform index computations based on this corrupted metadata, resulting in out-of-bounds memory access and a heap buffer overflow. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Grid versions 0.17.0 through 1.0.0 **Description** An integer overflow in the `expand rows()` function can corrupt the relationship between the grid's logical dimensions and its backing storage. This occurs because the function computes the new backing length using unchecked arithmetic. If the calculation overflows, the backing storage may be resized to a length smaller than required. Consequently, the safe API `get()` may invoke `get unchecked()` with an invalid index, leading to Undefined Behavior, which is a state where the program's behavior is no longer predictable and may result in crashes or denial of service. **Recommendations** Update to version 1.0.1.

**Name of the Vulnerable Software and Affected Versions** Bytes versions 1.2.1 through 1.11.0 **Description** The Bytes library contains a flaw in the `BytesMut::reserve` function that can lead to an integer overflow. Specifically, an unchecked addition within the reclaim path of `BytesMut::reserve` can cause the allocated capacity to be incorrectly calculated when `new cap + offset` overflows a `usize` value in release builds. This can result in the `cap` value being set to a value exceeding the actual allocated capacity. Subsequent calls to functions like `spare capacity mut()` may then create out-of-bounds slices, leading to undefined behavior. This issue is observable in release builds, while debug builds trigger a panic due to overflow checks. **Recommendations** Update to Bytes version 1.11.1 or later.