arr (crates.io) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the crates.io package arr, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2020-35887 — CVSS 9.8 (critical): An issue was discovered in the arr crate through 2020-08-25 for Rust. There is a buffer overflow in Index and IndexMut.
CVE-2020-35888 — CVSS 9.8 (critical): An issue was discovered in the arr crate through 2020-08-25 for Rust. Uninitialized memory is dropped by Array::new_from_template.
CVE-2020-35886 — CVSS 4.7 (medium): An issue was discovered in the arr crate through 2020-08-25 for Rust. An attacker can smuggle non-Sync/Send types across a thread boundary…