Lucene search
K
RustsecMost viewed

1141 matches found

RustSec
RustSec
•added 2021/12/20 12:0 p.m.•34 views

Integer overflow in the bundled Brotli C library

A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. If one cannot update the C library, its...

3.3AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2020/11/10 12:0 p.m.•34 views

AtomicBox<T> lacks bound on its Send and Sync traits allowing data races

AtomicBox is a Box type designed to be used across threads, however, it implements the Send and Sync traits for all types T. This allows non-Send types such as Rc and non-Sync types such as Cell to be used across thread boundaries which can trigger undefined behavior and memory corruption...

8.1CVSS2.1AI score0.0124EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2019/06/11 12:0 p.m.•34 views

Compiler optimisation for next_with_timeout in pnet::transport::IcmpTransportChannelIterator flaws to SEGFAULT

Affected versions of this crate were optimized out by compiler, which caused dereference of uninitialized file descriptor which caused segfault...

7.5CVSS2.6AI score0.00958EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2023/05/16 12:0 p.m.•33 views

Out-of-bounds array access leads to panic

Affected versions of the crate have a bug where attacker-controlled input can result in the use of an out-of-bound array index. Rust detects the use of the out-of-bound index and causes the application to panic. An attacker may be able to use this to cause a denial-of-service. However, it is not...

5.3CVSS6.8AI score0.00332EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2022/02/07 12:0 p.m.•33 views

Failure to verify the public key of a `SignedEnvelope` against the `PeerId` in a `PeerRecord`

Affected versions of this crate did not check that the public key the signature was created with matches the peer ID of the peer record. Any combination was considered valid. This allows an attacker to republish an existing PeerRecord with a different PeerId...

4.1AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/05/03 12:0 p.m.•32 views

`OCSP_basic_verify` may incorrectly verify the response signing certificate

The function OCSPbasicverify verifies the signer certificate on an OCSP response. In the case where the non-default flag OCSPNOCHECKS is used then the response will be positive meaning a successful verification even in the case where the response signing certificate fails to verify. It is...

5.3CVSS1.5AI score0.01174EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2020/11/08 12:0 p.m.•32 views

Unexpected panic in multihash `from_slice` parsing code

In versions prior 0.11.3 it's possible to make fromslice panic by feeding it certain malformed input. It's never documented that fromslice and frombytes which wraps it can panic, and its' return type Result suggests otherwise. In practice, fromslice/frombytes is frequently used in networking code...

7.8CVSS2.9AI score0.01371EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2026/05/12 12:0 p.m.•31 views

DNS rebinding and cross-origin CSRF in dynoxide's MCP HTTP transport

dynoxide's MCP HTTP transport was vulnerable to DNS rebinding via its transitive rmcp dependency, plus a related cross-origin CSRF gap. A malicious web page could make the user's browser send requests to a local dynoxide mcp --http or dynoxide serve --mcp server with a non-loopback Host header,...

8.8CVSS5.8AI score0.00213EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2022/05/09 12:0 p.m.•31 views

Timing attack

Affecting versions did not compare tokens in constant time, which could make it possible for an attacker to guess the 2fa token of a user. This has been fixed by using using the crate constanttimeeq for comparison...

4.4CVSS4.8AI score0.00789EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2021/07/07 12:0 p.m.•31 views

Task dropped in wrong thread when aborting `LocalSet` task

When aborting a task with JoinHandle::abort, the future is dropped in the thread calling abort if the task is not currently being executed. This is incorrect for tasks spawned on a LocalSet. This can easily result in race conditions as many projects use Rc or RefCell in their Tokio tasks for bett...

5.9CVSS0.9AI score0.00836EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2021/02/17 12:0 p.m.•31 views

misc::vec_with_size() can drop uninitialized memory if clone panics

misc::vecwithsize creates a vector of the provided size and immediately calls vec.setlensize on it, initially filling it with uninitialized memory. It then inserts elements using veci = value.clone. If the value.clone call panics, uninitialized items in the vector will be dropped leading to...

9.8CVSS2.5AI score0.01363EPSS
Exploits1
RustSec
RustSec
•added 2020/12/08 12:0 p.m.•31 views

Future<T> lacks bounds on Send and Sync.

tinyfuture contains a light-weight implementation of Futures. The Future type it has lacked bound on its Send and Sync traits. This allows for a bug where non-thread safe types such as Cell can be used in Futures and cause data races in concurrent programs. The flaw was corrected in commit c79191...

8.1CVSS2.3AI score0.00766EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2020/12/06 12:0 p.m.•31 views

ordered_float:NotNan may contain NaN after panic in assignment operators

After using an assignment operators such as NotNan::addassign, NotNan::mulassign, etc., it was possible for the resulting NotNan value to contain a NaN. This could cause undefined behavior in safe code, because the safe NotNan::cmp method contains internal unsafe code that assumes the value is...

5.5CVSS2.4AI score0.00387EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2020/11/18 12:0 p.m.•31 views

Potential segfault in the time crate

Impact The affected functions set environment variables without synchronization. On Unix-like operating systems, this can crash in multithreaded programs. Programs may segfault due to dereferencing a dangling pointer if an environment variable is read in a different thread than the affected...

5.3CVSS5AI score0.01881EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2019/06/15 12:0 p.m.•31 views

Format string vulnerabilities in `pancurses`

pancurses::mvprintw and pancurses::printw passes a pointer from a rust &str to C, allowing hostile input to execute a format string attack, which trivially allows writing arbitrary data to stack memory...

7.5CVSS6.4AI score0.01148EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2025/12/16 12:0 p.m.•30 views

Bincode is unmaintained

Due to a doxxing and harassment incident, the bincode team has taken the decision to cease development permanently. The team considers version 1.3.3 a complete version of bincode that is not in need of any updates. Alternatives to consider wincode postcard bitcode rkyv...

6.9AI score
Exploits0
RustSec
RustSec
•added 2023/06/11 12:0 p.m.•30 views

Ouroboros is Unsound

Summary Ouroboros has a soundness problem, but a fix has been implemented in 0.16.0. More details: In 0.15.0, Ouroboros works internally by creating a struct where all uses of 'this are replaced by 'static. However, a recent addition to Miri checks that references passed to functions are valid...

6.8AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/08/07 12:0 p.m.•30 views

`tauri`'s `readDir` endpoint allows possible enumeration outside of filesystem scope

It is possible for readDir to incorrectly enumerate files from a symlinked directory if called recursively when specifying an empty string for the dir parameter as outlined in this issue. This is corrected in this PR by checking if a directory is a symlink before reading from it...

8.3CVSS3.7AI score0.00773EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2021/11/14 12:0 p.m.•30 views

Converting `NSString` to a String Truncates at Null Bytes

Methods of NSString for conversion to a string may return a partial result. Since they call CStr::fromptr on a pointer to the string buffer, the string is terminated at the first null byte, which might not be the end of the string. In addition to the vulnerable functions listed for this issue, th...

7.5CVSS1.5AI score0.01314EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2020/11/08 12:0 p.m.•30 views

Some lock_api lock guard objects can cause data races

Affected versions of lockapi had unsound implementations of the Send or Sync traits for some guard objects, namely: MappedMutexGuard MappedRwLockReadGuard MappedRwLockWriteGuard RwLockReadGuard RwLockWriteGuard These guards could allow data races through types that are not safe to Send across...

5.5CVSS2.2AI score0.00324EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2026/06/01 12:0 p.m.•29 views

Bad-free in `MetaCallException::new`

exceptionstruct is a local stack variable, but the code passes its address to the C language as &mut exceptionstruct as mut as mut cvoid. Then, the returned MetaCallException value is stored here: rust OkSelf exceptionstruct: Arc::newexceptionstruct, value: exceptionptr, leak: false, Because leak...

5.8AI score
Exploits0
RustSec
RustSec
•added 2021/07/08 12:0 p.m.•29 views

Conversion from `prost_types::Timestamp` to `SystemTime` can cause an overflow and panic

Affected versions of this crate contained a bug in which untrusted input could cause an overflow and panic when converting a Timestamp to SystemTime. It is recommended to upgrade to prost-types v0.8 and switch the usage of From for SystemTime to TryFrom for SystemTime. See 438 for more informatio...

7.5CVSS3.6AI score0.01103EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2021/04/28 12:0 p.m.•29 views

Archives may contain uninitialized memory

rkyv is a serialization framework that writes struct-compatible memory to be stored or transmitted. During serialization, struct padding bytes and unused enum bytes may not be initialized. These bytes may be written to disk or sent over unsecured channels...

7.5CVSS2.3AI score0.01079EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2019/09/02 12:0 p.m.•29 views

Internally mutating methods take immutable ref self

Affected versions of this crate exposed several methods which took self by immutable reference, despite the requesting the RenderDoc API to set a mutable value internally. This is technically unsound and calling these methods from multiple threads without synchronization could lead to unexpected...

9.8CVSS2.3AI score0.01796EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2018/06/01 12:0 p.m.•29 views

Use after free in CMS Signing

Affected versions of the OpenSSL crate used structures after they'd been freed...

9.8CVSS2.6AI score0.01744EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2026/04/09 12:0 p.m.•28 views

Panic when lifting `flags` component value

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-m758-wjhj-p3jq For more information see the GitHub-hosted security advisory...

7.5CVSS5.9AI score0.00324EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2026/04/09 12:0 p.m.•28 views

Rand is unsound with a custom logger using `rand::rng()`

It has been reported by @lopopolo that the rand library is unsound i.e. that safe code using the public API can cause Undefined Behaviour when all the following conditions are met: - The log and threadrng features are enabled - A custom logger is defined - The custom logger accesses rand::rng...

5.7AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/03/31 12:0 p.m.•28 views

Use after free with `externref`s and epoch interruption in Wasmtime

Use after free with externrefs and epoch interruption in Wasmtime...

9.8CVSS1.6AI score0.01137EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2021/07/08 12:0 p.m.•28 views

Incorrect handling of embedded SVG and MathML leads to mutation XSS

Affected versions of this crate did not account for namespace-related parsing differences between HTML, SVG, and MathML. Even if the svg and math elements are not allowed, the underlying HTML parser still treats them differently. Running cleanup without accounting for these differing namespaces...

6.1CVSS1.3AI score0.00702EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2021/02/19 12:0 p.m.•28 views

StackVec::extend can write out of bounds when size_hint is incorrect

StackVec::extend used the lower and upper bounds from an Iterator's sizehint to determine how many items to push into the stack based vector. If the sizehint implementation returned a lower bound that was larger than the upper bound, StackVec would write out of bounds and overwrite memory on the...

7.5CVSS2.8AI score0.01025EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2021/02/09 12:0 p.m.•28 views

Use-after-free in `subscript_next` and `subscript_prev` wrappers

Affected versions of this crate had an unsound implementation which could pass a pointer to freed memory to ydbsubscriptnextst and ydbsubscriptprevst if the variable and subscripts did not have enough memory allocated on the first call to hold the next variable in the database. For example, the...

9.8CVSS3.2AI score0.01308EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2020/12/22 12:0 p.m.•28 views

conquer-once's OnceCell lacks Send bound for its Sync trait.

Affected versions of conquer-once implements Sync for its OnceCell type without restricting it to Sendable types. This allows non-Send but Sync types such as MutexGuard to be sent across threads leading to undefined behavior and memory corruption in concurrent programs. The issue was fixed by...

7.8CVSS3.8AI score0.00426EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2020/03/24 12:0 p.m.•28 views

Flaw in `realloc` allows reading unknown memory

When reallocing, if we allocate new space, we need to copy the old allocation's bytes into the new space. There are oldsize number of bytes in the old allocation, but we were accidentally copying newsize number of bytes, which could lead to copying bytes into the realloc'd space from past the chu...

7.5CVSS0.9AI score0.0149EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2020/01/24 12:0 p.m.•28 views

Improper `Sync` implementation on `FuturesUnordered` in futures-utils can cause data corruption

Affected versions of the crate had an unsound Sync implementation on the FuturesUnordered structure, which used a Cell for interior mutability without any code to handle synchronized access to the underlying task list's length and head safely. This could of lead to data corruption since two threa...

5.5CVSS1.5AI score0.00334EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2019/10/22 12:0 p.m.•28 views

ChaCha20 counter overflow can expose repetitions in the keystream

The ChaCha20 stream cipher can produce a maximum of 2^32 blocks 256GB before the 32-bit counter overflows. Releases of the chacha20 crate prior to v0.2.3 allow generating keystreams larger than this, including seeking past the limit. When this occurs, the keystream is duplicated, with failure mod...

7.5CVSS1.7AI score0.01309EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2026/06/04 12:0 p.m.•27 views

surf is unmaintained

The surf crate is unmaintained, and all versions are affected. For alternatives, consider using reqwest or ureq. See this issue for more context...

5.8AI score
Exploits0
RustSec
RustSec
•added 2022/10/25 12:0 p.m.•27 views

evm incorrect state transition

SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the isstatic parameter to determine if the call is executed in a static context via STATICCALL, and thus decide if stateful operations should be done. Prior to version 0.36.0, th...

7.5CVSS1.6AI score0.00538EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2022/10/10 12:0 p.m.•27 views

Slack Webhooks secrets leak in debug logs

Debug log formatting made it possible to leak Webhooks secrets into debug logs. The patched version has introduced more strict checks to avoid this...

7.5CVSS2.4AI score0.00663EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2022/01/23 12:0 p.m.•27 views

Data race in `Iter` and `IterMut`

In the affected version of this crate, Iter, IterMut::next used a weaker memory ordering when loading values than what was required, exposing a potential data race when iterating over a ThreadLocal's values. Crates using Iter::next, or IterMut::next are affected by this issue...

4.2AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2021/02/17 12:0 p.m.•27 views

Tape::take_bytes exposes uninitialized memory to a user-provided Read

Affected versions of this crate passed an unininitialized buffer to a user-provided Read instance in Tape::takebytes. This can result in safe Read implementations reading from the uninitialized buffer leading to undefined behavior. The flaw was corrected in commit 1f2dc7f37dd by removing the unsa...

7.5CVSS4.8AI score0.01059EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2021/01/10 12:0 p.m.•27 views

panic safety issue in `impl TransformContent<S, D> for [S; (2|3|4)]`

Affected versions of this crate did not guard against double drop while temporarily duplicating objects' ownership using ptr::read. Upon panic in a user-provided function conversion, objects that are copied by ptr::read are dropped twice, leading to memory corruption. The flaw was corrected in...

7.5CVSS2.1AI score0.01327EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2020/11/24 12:0 p.m.•27 views

Cache<K>: Send/Sync impls needs trait bounds on `K`

Affected versions of this crate unconditionally implement Send/Sync for Cache. This allows users to insert K that is not Send or not Sync. This allows users to create data races by using non-Send types like Arc or Rc as K in Cache. It is also possible to create data races by using types like Cell...

8.1CVSS3.4AI score0.01098EPSS
Exploits1
RustSec
RustSec
•added 2020/11/10 12:0 p.m.•27 views

AtomicBox<T> implements Send/Sync for any `T: Sized`

Affected versions of this crate implements Send/Sync for AtomicBox without requiring T: Send/T: Sync. This allows to create data races to T: !Sync and send T: !Send to another thread. Such behavior breaks the compile-time thread safety guarantees of Rust, and allows users to incur undefined...

8.1CVSS3AI score0.00766EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2020/10/31 12:0 p.m.•27 views

AtomicOption should have Send + Sync bound on its type argument.

In the affected versions of this crate, AtomicOption unconditionally implements Sync. This allows programmers to move non-Sync types across thread boundaries e.g. Rc, Arc, which can lead to data races and undefined behavior. It is also possible to send non-Send types like std::sync::MutexGuard to...

5.9CVSS3.6AI score0.01107EPSS
Exploits1
RustSec
RustSec
•added 2020/08/31 12:0 p.m.•27 views

Misbehaving `HandleLike` implementation can lead to memory safety violation

Unsafe code in ObjectPool has time-of-check to time-of-use TOCTOU bug that can eventually lead to a memory safety violation. ObjectPool and HandlePool implicitly assumes that HandleLike trait methods are pure, i.e., they always return the same value. However, this assumption is unsound since...

8.1CVSS1.5AI score0.0087EPSS
Exploits0
RustSec
RustSec
•added 2020/01/24 12:0 p.m.•27 views

Contents of uninitialized memory exposed in DeflateOutput's AsyncRead implementation

Affected versions of this crate passes an uninitialized buffer to a user-provided trait function AsyncRead::pollread. Arbitrary AsyncRead::pollread implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading...

9.8CVSS3.6AI score0.0123EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2016/11/05 12:0 p.m.•27 views

SSL/TLS MitM vulnerability due to insecure defaults

All versions of rust-openssl prior to 0.9.0 contained numerous insecure defaults including off-by-default certificate verification and no API to perform hostname verification. Unless configured correctly by a developer, these defaults could allow an attacker to perform man-in-the-middle attacks...

8.1CVSS2.6AI score0.00745EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2026/04/13 12:0 p.m.•26 views

`pretty-changelog-logger` was removed from crates.io for malicious code

pretty-changelog-logger contains a build script build.rs that acts as a loader/dropper for malicious payloads. The malicious crate had 3 versions published on 2026-04-08 that had a total of 2239 downloads. There were no crates depending on this crate on crates.io. Thanks to Socket.dev for detecti...

5.8AI score
Exploits0
RustSec
RustSec
•added 2023/06/21 12:0 p.m.•26 views

memoffset allows reading uninitialized memory

memoffset allows attempt of reading data from address 0 with arbitrary type. This behavior is an undefined behavior because address 0 to std::mem::sizeof may not have valid bit-pattern with T. Old implementation dereferences uninitialized memory obtained from std::mem::alignof. Older implementati...

6.9AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2023/03/24 12:0 p.m.•26 views

`openssl` `X509Extension::new` and `X509Extension::new_nid` null pointer dereference

These functions would crash when the context argument was None with certain extension types. Thanks to David Benjamin Google for reporting this issue...

6.7AI score
Exploits0Affected Software1
Total number of security vulnerabilities1141