Nervos CKB Unaligned Pointer Dereference

via [email protected] There are multiple type conversions in ckb that unsafely cast between byte pointers and other types of pointers. This results in unaligned pointers, which are not allowed by the Rust language, and are considered undefined behavior, meaning that the compiler is free to do...

Google Using Clang Sanitizers to Protect Android Against Cellular Baseband Vulnerabilities

Google is highlighting the role played by Clang sanitizers in hardening the security of the cellular baseband in the Android operating system and preventing specific kinds of vulnerabilities. This comprises Integer Overflow Sanitizer IntSan and BoundsSanitizer BoundSan, both of which are part of...

DEBIAN-CVE-2023-43669

The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service minutes of CPU consumption via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted e.g., thousands of times and the average amount...

Apollo Router Security Vulnerability

Apollo Router is a configurable, high-performance graphical router written in Rust. A security vulnerability exists in Apollo Router that stems from enabling GraphQL subscriptions, which in some cases can cause the Router to experience an emergency and terminate...

CVE-2023-34449 ink! vulnerable to incorrect decoding of storage value when using `DelegateCall`

ink! is an embedded domain specific language to write smart contracts in Rust for blockchains built on the Substrate framework. Starting in version 4.0.0 and prior to version 4.2.1, the return value when using delegate call mechanics, either through CallBuilder::delegate or...

Improved BlackCat Ransomware Strikes with Lightning Speed and Stealthy Tactics

The threat actors behind BlackCat ransomware have come up with an improved variant that prioritizes speed and stealth in an attempt to bypass security guardrails and achieve their goals. The new version, dubbed Sphynx and announced in February 2023, packs a "number of updated capabilities that...

Maligned causes incorrect deallocation

maligned::alignfirst manually allocates with an alignment larger than T, and then uses Vec::fromrawparts on that allocation to get a Vec. GlobalAlloc::dealloc requires that the layout argument must be the same layout that was used to allocate that block of memory. When deallocating, Box and Vec m...

SUSE CVE-2018-25023

An issue was discovered in the smallvec crate before 0.6.13 for Rust. It can create an uninitialized value of any type, including a reference type...

SUSE CVE-2019-15553

An issue was discovered in the memoffset crate before 0.5.0 for Rust. offsetof and spanof can cause exposure of uninitialized memory...

SUSE CVE-2019-16137

An issue was discovered in the spin crate before 0.5.2 for Rust, when RwLock is used. Because memory ordering is mishandled, two writers can acquire the lock at the same time, violating mutual exclusion...

SUSE CVE-2020-35920

An issue was discovered in the socket2 crate before 0.3.16 for Rust. It has false expectations about the std::net::SocketAddr memory representation...

SUSE CVE-2021-28876

In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls iteratorgetunchecked more than once for the same index when the underlying iterator panics in certain conditions. This bug could lead to a memory safety violation due to an unmet safety...

SUSE CVE-2021-28878

In the standard library in Rust before 1.52.0, the Zip implementation calls iteratorgetunchecked more than once for the same index under certain conditions when nextback and next are used together. This bug could lead to a memory safety violation due to an unmet safety requirement for the...

SUSE CVE-2021-45696

An issue was discovered in the sha2 crate 0.9.7 before 0.9.8 for Rust. Hashes of long messages may be incorrect when the AVX2-accelerated backend is used...

ALPINE-CVE-2022-46176

Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle MITM attacks. This vulnerability has been assigned...

Design/Logic Flaw

libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.45.1 an attacker node can cause a victim node to allocate a large number of small memory chunks, which can ultimately lead to the victim’s process running out of memory and thus getting...

GHSA-PP8R-VV2J-9J5V traitobject is Unmaintained

Crate traitobject has not had a release for over five years. In addition there is an existing security advisory that has not been addressed: - RUSTSEC-2020-0027 Possible Alternatives The below list has not been vetted in any way and may or may not contain alternatives; - destructuretraitobject...

Manjusaka: A Chinese sibling of Sliver and Cobalt Strike

By Asheer Malhotra and Vitor Ventura. Cisco Talos recently discovered a new attack framework called "Manjusaka" being used in the wild that has the potential to become prevalent across the threat landscape. This framework is advertised as an imitation of the Cobalt Strike framework. The implants...

SWHKD 安全漏洞

SWHKD is a display protocol-independent hotkey daemon made in Rust. SWHKD has a security vulnerability that stems from keyboard events using an unintended user, which can be exploited by an attacker to cause information disclosure, but is usually a denial of functionality...

Mozilla: Denial of Service via complex regular expressions

regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those tunable mitigations already provide sane defaults to preven...