Malicious plugin names, recipients, or identities can cause arbitrary binary execution

A plugin name containing a path separator may allow an attacker to execute an arbitrary binary. Such a plugin name can be provided through an attacker-controlled input to the following age APIs when the plugin feature flag is enabled: - age::plugin::Identity::fromstr or equivalently str::parse:: ...

Build corruption when using `PYO3_CONFIG_FILE` environment variable

In PyO3 0.23.0 the PYO3CONFIGFILE environment variable used to configure builds regressed such that changing the environment variable would no longer trigger PyO3 to reconfigure and recompile. In combination with workflows using tools such as maturin to build for multiple versions in a single...

`ruzstd` uninit and out-of-bounds memory reads

Affected versions of ruzstd miscalculate the length of the allocated and init section of its internal RingBuffer, leading to uninitialized or out-of-bounds reads in copybytesovershooting of up to 15 bytes. This may result in up to 15 bytes of memory contents being written into the decoded data wh...

Segmentation fault due to use of uninitialized memory

When trying to decompress a file using "ouch", we can reach the function "ouch::archive::zip::convertzipdatetime". In the function, there is a unsafe function, "transmute". Once the "transmute" function is called to convert the type of "month" object, the address of the object is changed to the...

webp crate may expose memory contents when encoding an image

Affected versions of this crate did not check that the input slice passed to "webp::Encoder::encode is large enough for the specified image dimensions. If the input slice is too short, the library will read out of bounds of the buffer and encode other memory contents as an image, resulting in...

Memory leak when calling a canister method via `ic_cdk::call`

When a canister method is called via iccdk::call, a new Future CallFuture is created and can be awaited by the caller to get the execution result. Internally, the state of the Future is tracked and stored in a struct called CallFutureState. A bug in the polling implementation of the CallFuture...

strason is unmaintained

strason will no longer be maintained as declared by the developer. The project has been archived...

olm-sys: wrapped library unmaintained, potentially vulnerable

After several cryptographic vulnerabilities in libolm were disclosed publicly, the Matrix Foundation has officially deprecated the library. olm-sys is a thin wrapper around libolm and is now deprecated and potentially vulnerable in kind. Users of olm-sys and its higher-level abstraction, olm-rs,...

`instant` is unmaintained

This crate is no longer maintained, and the author recommends using the maintained web-time crate instead. web-time: https://crates.io/crates/web-time...

gitoxide-core does not neutralize special characters for terminals

Summary The gix and ein commands write pathnames and other metadata literally to terminals, even if they contain characters terminals treat specially, including ANSI escape sequences. This sometimes allows an untrusted repository to misrepresent its contents and to alter or concoct error messages...

CWA-2024-004: Gas mispricing in cosmwasm-vm

Some Wasm operations take significantly more gas than our benchmarks indicated. This can lead to missing the gas target we defined by a factor of 10x. This means a malicious contract could take 10 times as much time to execute as expected, which can be used to temporarily DoS a chain. For more...

Shell expansion in custom commands

Summary Undocumented and unpredictable shell expansion and/or quoting rules make it easily to accidentally cause shell injection when using custom commands with starship in bash. Details I wanted to show the git commit name in my prompt I use bash, so I added a command: custom.gitcommitname comma...

The kstring integration in gix-attributes is unsound

gix-attributes in state::ValueRef unsafely creates a &str from a &u8 containing non-UTF8 data, with the justification that so long as nothing reads the &str and relies on it being UTF-8 in the &str, there is no UB: rust // SAFETY: our API makes accessing that value as str impossible, so illformed...

Ambiguous challenge derivation

Challenge derivation in non-interactive ZK proofs was ambiguous and that could lead to security vulnerability however, it's unknown if it could be exploited...

phonenumber: panic on parsing crafted phonenumber inputs

Impact The phonenumber parsing code may panic due to a reachable assert! guard on the phonenumber string. In a typical deployment of rust-phonenumber, this may get triggered by feeding a maliciously crafted phonenumber, e.g. over the network, specifically strings of the form...

`openslide` is unmaintained

The openslide crate is no longer maintained. Last release was on 2018-11-20. Possible alternatives Consider using an alternative, for instance: - openslide-rs - pamly...

`opentelemetry_api` has been merged into the `opentelemetry` crate

Last release was on 2023-07-30. opentelemetryapi has been moved into the opentelemetry crate. Please use the opentelemetry crate going forward...

Incorrect usage of `#[repr(packed)]`

The affected versions make unsafe memory accesses under the assumption that reprpacked has a guaranteed field order. The Rust specification does not guarantee this, and https://github.com/rust-lang/rust/pull/125360 1.80.0-beta starts reordering fields of reprpacked structs, leading to illegal...

The maintainer of chrono-english is unresponsive

All versions will encounter compilation errors with a chrono version 0.4.35, due to backward incompatible API changes. User conradludgade reworked the original crate and created a fork with the same API surface called interim. The fork is better structured and passes the same test suite as...

Timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`

Timing variability of any kind is problematic when working with potentially secret values such as elliptic curve scalars, and such issues can potentially leak private keys and other secrets. Such a problem was recently discovered in curve25519-dalek. The Scalar29::sub 32-bit and Scalar52::sub...

Refs and paths with reserved Windows device names access the devices

Summary On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the production of arbitrary message that...

Refs and paths with reserved Windows device names access the devices

Summary On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the production of arbitrary message that...

Traversal outside working tree enables arbitrary code execution

Summary During checkout, gitoxide does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. Details Although gix-worktree-state checks for collisions with existing files, it does not...

Tor path lengths too short when "Vanguards lite" configured

Description When building anonymizing circuits to or from an onion service with 'lite' vanguards the default enabled, the circuit manager code would build the circuits with one hop too few. Impact This makes users of this code more vulnerable to some kinds of traffic analysis when they run or vis...

Tor path lengths too short when "full Vanguards" configured

Description When building anonymizing circuits to or from an onion service with full vanguards enabled, the circuit manager code would build the circuits with one hop too few. Impact This makes users of this code more vulnerable to some kinds of traffic analysis when they run or visit onion...

gtk-rs GTK3 bindings - no longer maintained

The gtk-rs GTK3 bindings are no longer maintained. The maintainers have archived the repository, and added a note to the crate description and its README.md that the crates are no longer maintained. Please take a look at gtk4-rs instead...

gtk-rs GTK3 bindings - no longer maintained

The gtk-rs GTK3 bindings are no longer maintained. The maintainers have archived the repository, and added a note to the crate description and its README.md that the crates are no longer maintained. Please take a look at gtk4-rs instead...

gtk-rs GTK3 bindings - no longer maintained

The gtk-rs GTK3 bindings are no longer maintained. The maintainers have archived the repository, and added a note to the crate description and its README.md that the crates are no longer maintained. Please take a look at gtk4-rs instead...

Stack buffer overflow with whoami on several Unix platforms

With versions of the whoami crate = 0.5.3 and = 0.5.3 and 1.0.1, calling any of the above functions also leads to a stack buffer overflow on these platforms: - Bitrig - DragonFlyBSD - FreeBSD - NetBSD - OpenBSD This occurs because of an incorrect definition of the passwd struct on those platforms...

ObjectPool creates uninitialized memory when freeing objects

As of version 0.6.0, the ObjectPool explicitly creates an uninitialized instance of its type parameter when it attempts to free an object, and swaps it into the storage. This causes instant undefined behavior due to reading the uninitialized memory in order to write it to the pool storage...

dav1d AV1 decoder integer overflow

An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading to version 0.7.0 of libdav1d-sys, which includes dav1d 1.4.0...

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

Summary Insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have sufficient control over outbound headers. Details Outbound trilliumhttp::HeaderValue and trilliumhttp::HeaderName can be constructed infallibly a...

Unsound sending of non-Send types across threads

Affected versions can run the Drop impl of a non-Send type on a different thread than it was created on. The flaw occurs when a stderr write performed by the threadalone crate fails, for example because stderr is redirected to a location on a filesystem that is full, or because stderr is a pipe...

KyberSlash: division timings depending on secrets

Various Kyber software libraries in various environments leak secret information into timing, specifically because these libraries include a line of code that divides a secret numerator by a public denominator, the number of CPU cycles for division in various environments varies depending on the...

`win_run_rs` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the user Kraded to run an arbitrary malware payload on Windows hosts. This advisory is to retrospectively document this attempted attack. The version information and download records of the malicious crate are no longer available...

`cpython` is unmaintained

The cpython crate and the underlying python3-sys and python27-sys crates have been marked as no longer actively maintained by the developer. There are also open issues for unsound code that is currently in these crates: - cpython265: Using some string functions causes segmentation faults on...

sudo-rs: Path Traversal vulnerability

Impact An issue was discovered where usernames containing the . and / characters could result in the corruption of specific files on the filesystem. As usernames are generally not limited by the characters they can contain, a username appearing to be a relative path can be constructed. For exampl...

`fehler` is unmaintained; use `culpa` instead

The fehler crate is no longer maintained. Consider using culpa instead...

blurhash: panic on parsing crafted blurhash inputs

Impact The blurhash parsing code may panic due to multiple panic-guarded out-of-bounds accesses on untrusted input. In a typical deployment, this may get triggered by feeding a maliciously crafted blurhashes over the network. These may include: - UTF-8 compliant strings containing multi-byte UTF-...

Fails to prohibit standard library access prior to initialization of Rust standard library runtime

Affected versions allow arbitrary caller-provided code to execute before the lifetime of main. If the caller-provided code accesses particular pieces of the standard library that require an initialized Rust runtime, such as std::io or std::thread, these may not behave as documented. Panics are...

Multiple soundness issues

RUSTSEC-2024-0377 contains multiple soundness issues: 1. Bytes::read allows creating instances of types with invalid bit patterns 1. BytesIter::read advances iterators out of bounds 1. The BytesIter trait has safety invariants but is public and not marked unsafe 1. writefloat calls...

Multiple soundness issues

lexical contains multiple soundness issues: 1. Bytes::read allows creating instances of types with invalid bit patterns 1. BytesIter::read advances iterators out of bounds 1. The BytesIter trait has safety invariants but is public and not marked unsafe 1. writefloat calls MaybeUninit::assumeinit ...

`tui` is unmaintained; use `ratatui` instead

The tui crate is no longer maintained. Consider using the ratatui crate instead...

Undefined Behavior in Rust runtime functions

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-ch89-5g45-qwc7. For more information see the GitHub-hosted security advisory...

Out of bounds write in `wasmtime_trap_code` C API function

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-h84q-m8rr-3v9q. For more information see the GitHub-hosted security advisory...

Data leakage between instances in the pooling allocator

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-wh6w-3828-g9qf. For more information see the GitHub-hosted security advisory...

Miscompilation of `i8x16.swizzle` and `select` with v128 inputs

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-jqwc-c49r-4w2x. For more information see the GitHub-hosted security advisory...

Triton VM Soundness Vulnerability due to Missing Constraint

The instruction spongeabsorbmem Triton VM fails to verify that hashed values come from the claimed memory location. Malicious provers can substitute arbitrary data instead of actual memory contents. Any application using instruction spongeabsorbmem to hash memory data can be given a proof for a...

Denial of service in Steamworks game clients/servers using P2P authentication

Processing the raw ValidateAuthTicketResponset callback data panics when the meAuthSessionResponse field is kEAuthSessionResponseAuthTicketNetworkIdentityFailure. This can lead to denial of service in game clients and servers using the beginauthenticationsession API to authenticate players if a...

NSEC3 closest-encloser proof validation enters unbounded loop on cross-zone responses

The NSEC3 closest-encloser proof validation in hickory-proto's DnssecDnsHandle walks from the QNAME up to the SOA owner name, building a list of candidate encloser names. The iterator used assumes the QNAME is a descendant of the SOA owner, terminating only when the current candidate equals the S...