Lucene search
+L

43 matches found

RustSec
RustSec
added 2023/11/15 12:0 p.m.8 views

`monero-api` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the user Kraded to run an arbitrary malware payload on Windows hosts. This advisory is to retrospectively document this attempted attack. The version information and download records of the malicious crate are no longer available...

5.9AI score
Exploits0
RustSec
RustSec
added 2023/11/15 12:0 p.m.16 views

`lfest-main` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the user Kraded to run an arbitrary malware payload on Windows hosts. This advisory is to retrospectively document this attempted attack. The version information and download records of the malicious crate are no longer available...

5.9AI score
Exploits0
RustSec
RustSec
added 2023/11/15 12:0 p.m.14 views

`win-base64-rs` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the user Kraded to run an arbitrary malware payload on Windows hosts. This advisory is to retrospectively document this attempted attack. The version information and download records of the malicious crate are no longer available...

5.9AI score
Exploits0
RustSec
RustSec
added 2023/11/15 12:0 p.m.7 views

`lasso-rs` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the user Kraded to run an arbitrary malware payload on Windows hosts. This advisory is to retrospectively document this attempted attack. The version information and download records of the malicious crate are no longer available...

5.9AI score
Exploits0
OSV
OSV
added 2023/11/15 12:0 p.m.6 views

RUSTSEC-2023-0116 `registry-win` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the user Kraded to run an arbitrary malware payload on Windows hosts. This advisory is to retrospectively document this attempted attack. The version information and download records of the malicious crate are no longer available...

5.9AI score
Exploits0References2
OSV
OSV
added 2023/11/15 12:0 p.m.6 views

RUSTSEC-2023-0118 `win_run_rs` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the user Kraded to run an arbitrary malware payload on Windows hosts. This advisory is to retrospectively document this attempted attack. The version information and download records of the malicious crate are no longer available...

5.9AI score
Exploits0References2
OSV
OSV
added 2023/11/15 12:0 p.m.5 views

RUSTSEC-2023-0111 `monero-api` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the user Kraded to run an arbitrary malware payload on Windows hosts. This advisory is to retrospectively document this attempted attack. The version information and download records of the malicious crate are no longer available...

5.9AI score
Exploits0References2
RustSec
RustSec
added 2023/11/06 12:0 p.m.4 views

`littest` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the malicious user http-tiny and contained a malware payload in build.rs to exfiltrate host information to the attacker. This advisory is to retrospectively document this attempted attack. The version information and download...

5.8AI score
Exploits0
RustSec
RustSec
added 2023/10/19 12:0 p.m.4 views

Potential stack use-after-free in `Instrumented::into_inner`

The implementation of the Instrumented::intoinner method in affected versions of this crate contains undefined behavior due to incorrect use of std::mem::forget The function creates const pointers to self, calls mem::forgetselfstd::mem::forget, and then moves values out of those pointers using...

7.2AI score
Exploits0Affected Software1
OSV
OSV
added 2023/08/18 12:0 p.m.5 views

RUSTSEC-2023-0110 `postgresderive` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the malicious user amaperf and contained a malware payload in build.rs to exfiltrate host information to the attacker. This advisory is to retrospectively document this attempted attack. The version information and download recor...

5.8AI score
Exploits0References2
RustSec
RustSec
added 2023/08/16 12:0 p.m.8 views

`envlogger` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the malicious user amaperf and contained a malware payload in build.rs to exfiltrate host information to the attacker. This advisory is to retrospectively document this attempted attack. The version information and download recor...

5.8AI score
Exploits0
RustSec
RustSec
added 2023/08/16 12:0 p.m.7 views

`xrvrv` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the malicious user amaperf and contained a malware payload in build.rs to exfiltrate host information to the attacker. This advisory is to retrospectively document this attempted attack. The version information and download recor...

5.8AI score
Exploits0
RustSec
RustSec
added 2023/08/16 12:0 p.m.10 views

`postgress` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the malicious user amaperf and contained a malware payload in build.rs to exfiltrate host information to the attacker. This advisory is to retrospectively document this attempted attack. The version information and download recor...

5.8AI score
Exploits0
OSV
OSV
added 2023/08/16 12:0 p.m.6 views

RUSTSEC-2023-0101 `oncecell` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the malicious user amaperf and contained a malware payload in build.rs to exfiltrate host information to the attacker. This advisory is to retrospectively document this attempted attack. The version information and download recor...

5.8AI score
Exploits0References3
OSV
OSV
added 2022/02/05 12:0 p.m.23 views

RUSTSEC-2022-0041 Unsoundness of AtomicCell<*64> arithmetics on 32-bit targets that support Atomic*64

Impact Affected versions of this crate incorrectly assumed that the alignment of i,u64 was always the same as AtomicI,U64. However, the alignment of i,u64 on a 32-bit target can be smaller than AtomicI,U64. This can cause the following problems: - Unaligned memory accesses - Data race Crates usin...

8.1CVSS7.4AI score0.01239EPSS
Exploits1References3
OSV
OSV
added 2021/10/12 4:0 p.m.99 views

GHSA-4VR9-8CJF-VF9C Async-h1 request smuggling possible with long unread bodies

Impact This vulnerability affects any webserver that uses async-h1 behind a reverse proxy, including all such Tide applications. If the server does not read the body of a request which is longer than some buffer length, async-h1 will attempt to read a subsequent request from the body content...

6.8CVSS6.7AI score0.01008EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2021/10/12 4:0 p.m.22 views

Async-h1 request smuggling possible with long unread bodies

Impact This vulnerability affects any webserver that uses async-h1 behind a reverse proxy, including all such Tide applications. If the server does not read the body of a request which is longer than some buffer length, async-h1 will attempt to read a subsequent request from the body content...

7.5CVSS7.4AI score0.01008EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/25 8:56 p.m.14 views

Use after free in libpulse-binding

Overview Version 1.2.1 of the libpulse-binding Rust crate, released on the 15th of June 2018, fixed a pair of use-after-free issues with the objects returned by the getformatinfo and getcontext methods of Stream objects. These objects were mistakenly being constructed without setting an important...

2AI score
Exploits0References3Affected Software1
OSV
OSV
added 2021/08/25 8:56 p.m.17 views

GHSA-GHPQ-VJXW-CH5W Use after free in libpulse-binding

Overview Version 1.2.1 of the libpulse-binding Rust crate, released on the 15th of June 2018, fixed a pair of use-after-free issues with the objects returned by the getformatinfo and getcontext methods of Stream objects. These objects were mistakenly being constructed without setting an important...

7.5CVSS7.6AI score0.01328EPSS
Exploits0References3
OSV
OSV
added 2021/02/24 12:0 p.m.40 views

RUSTSEC-2021-0050 swap_index can write out of bounds and return uninitialized memory

swapindex takes an iterator and swaps the items with their corresponding indexes. It reserves capacity and sets the length of the vector based on the .len method of the iterator. If the len returned by the iterator is larger than the actual number of elements yielded, then swapindex creates a...

7.3CVSS7.2AI score0.009EPSS
Exploits2References3
Rows per page
Query Builder