RUSTSEC-2026-0142 Double-free in `vmem` storage reachable from safe Rust (predecessor of `oneringbuf`)

mutringbuf is the archived predecessor of oneringbuf — the crate was renamed and the GitHub repository was archived on 2025-11-20. All released versions up to 1.0.0 carry the same vmem-feature double-free bug that affects oneringbuf, with the same code paths and the same reproduction shape. When...

Double-free in `vmem` storage reachable from safe Rust

When the vmem feature is enabled, VmemStorage::newBox and every public constructor that funnels through it — ConcurrentHeapRB::defaultcap, ConcurrentHeapRB::fromVec, From, etc. bit-copies the input buffer into a freshly mmap'd region with ptr::copynonoverlapping, then lets the source Box drop...

CVE-2026-41681

A flaw was found in rust-openssl, a library providing OpenSSL bindings for the Rust programming language. The EVPDigestFinal function, used for cryptographic hashing, can write past the end of its intended output buffer if the buffer is too small. This out-of-bounds write can corrupt the program'...

CVE-2026-41681

CVE-2026-41681 affects rust-openssl OpenSSL bindings. From 0.10.39 through before 0.10.78, EVP_DigestFinal() writes EVP_MD_CTX_size(ctx) to the output buffer. If the destination is smaller, MdCtxRef::digest_final() writes past the end, usually corrupting the stack, and this is reachable from safe...

rust-openssl: rustMdCtxRef::digest_final() writes past caller buffer with no length check

EVPDigestFinal always writes EVPMDCTXsizectx to the out buffer. If out is smaller than that, MdCtxRef::digestfinal writes past its end, usually corrupting the stack. This is reachable from safe Rust...

PT-2026-34623

Name of the Vulnerable Software and Affected Versions rust-openssl versions 0.10.39 through 0.10.77 Description The EVP DigestFinal function always writes EVP MD CTX sizectx to the out buffer. If the out buffer is smaller than that size, the MdCtxRef::digest final function writes past its end,...

LLM4C2Rust: Large Language Models for Automated Memory-Safe Code Transpilation

Memory safety has long been a critical challenge in software engineering, particularly for legacy systems written in memory-unsafe languages such as C and C++. Rust, one of the youngest modern programming languages, offers built-in memory-safety guarantees that make it a strong candidate for secu...

RUSTSEC-2025-0030 totally-safe-transmute allows transmuting any type to any other type in safe Rust

This crate is a toy and should never be used. It showcases a known soundness issue https://github.com/rust-lang/rust/issues/32670 that will never get fixed. In short, Linux provides a file called /proc/self/mem which can be used by a program to modify its own memory. This library modifies an enum...

RUSTSEC-2025-0029 totally-safe introduces memory vulnerabilities in safe Rust

totally-safe provides unsound APIs that exploit a soundness bug in rustc: https://github.com/rust-lang/rust/issues/25860...

totally-safe introduces memory vulnerabilities in safe Rust

totally-safe provides unsound APIs that exploit a soundness bug in rustc: https://github.com/rust-lang/rust/issues/25860...

RUSTSEC-2025-0028 cve-rs introduces memory vulnerabilities in safe Rust

This crate is a joke and should never be used. cve-rs provides demonstrations of common memory vulnerabilities such as buffer overflows and segfaults implemented completely within safe Rust. Internally, this crate does not use unsafe code, it instead exploits a soundness bug in rustc:...

cve-rs introduces memory vulnerabilities in safe Rust

This crate is a joke and should never be used. cve-rs provides demonstrations of common memory vulnerabilities such as buffer overflows and segfaults implemented completely within safe Rust. Internally, this crate does not use unsafe code, it instead exploits a soundness bug in rustc:...

GHSA-RH4W-94HH-9943 MutexGuard::map can cause a data race in safe code

Affected versions of the crate had a Send/Sync implementation for MappedMutexGuard that only considered variance on T, while MappedMutexGuard dereferenced to U. This could of led to data races in safe Rust code when a closure used in MutexGuard::map returns U that is unrelated to T. The issue was...

GHSA-36CG-4JFF-5863 Data races in signal-simple

Affected versions of this crate unconditionally implement Send/Sync for SyncChannel. SyncChannel doesn't provide access to &T but merely serves as a channel that consumes and returns owned T. Users can create UB in safe Rust by sending T: !Send to other threads with SyncChannel::send/recv APIs...

Data races in model

Shared data structure in model crate implements Send and Sync traits regardless of the inner type. This allows safe Rust code to trigger a data race, which is undefined behavior in Rust. Users are advised to treat Shared as an unsafe type. It should not be used outside of the testing context, and...

GHSA-4HJG-CX88-G9F9 Data races in futures-intrusive

GenericMutexGuard was given the Sync auto trait as long as T is Send due to its contained members. However, since the guard is supposed to represent an acquired lock and allows concurrent access to the underlying data from different threads, it should only be Sync when the underlying data is. Thi...

RUSTSEC-2020-0097 Soundness issue with base::Error

base::Error type contains public field named ptr. With this definition, it is possible to create a base::Error with an invalid pointer and trigger memory safety errors such as use-after-free or double-free with safe Rust. The users of xcb crate are advised not to manipulate the field...

RUSTSEC-2020-0140 `Shared` can cause a data race

Shared data structure in model crate implements Send and Sync traits regardless of the inner type. This allows safe Rust code to trigger a data race, which is undefined behavior in Rust. Users are advised to treat Shared as an unsafe type. It should not be used outside of the testing context, and...

`Shared` can cause a data race

Shared data structure in model crate implements Send and Sync traits regardless of the inner type. This allows safe Rust code to trigger a data race, which is undefined behavior in Rust. Users are advised to treat Shared as an unsafe type. It should not be used outside of the testing context, and...

RUSTSEC-2020-0059 MutexGuard::map can cause a data race in safe code

Affected versions of the crate had a Send/Sync implementation for MappedMutexGuard that only considered variance on T, while MappedMutexGuard dereferenced to U. This could of led to data races in safe Rust code when a closure used in MutexGuard::map returns U that is unrelated to T. The issue was...