Lucene search
K
RustsecMost viewed

1141 matches found

RustSec
RustSec
added 2026/05/01 12:0 p.m.6 views

NSEC3 closest-encloser proof validation enters unbounded loop on cross-zone responses

The NSEC3 closest-encloser proof validation in hickory-proto's DnssecDnsHandle walks from the QNAME up to the SOA owner name, building a list of candidate encloser names. The iterator used assumes the QNAME is a descendant of the SOA owner, terminating only when the current candidate equals the S...

5.8AI score
Exploits0Affected Software1
RustSec
RustSec
added 2026/01/26 12:0 p.m.6 views

X25519 secret validation did not check buffer length or clamping

The latest releases of the libcrux-ecdh crate contains the following bug-fix: 1301: Check length and clamping in X25519 secret validation. This is a breaking change since errors are now raised on unclamped X25519 secrets or inputs of the wrong length...

5.4AI score
Exploits0Affected Software1
RustSec
RustSec
added 2025/12/24 12:0 p.m.6 views

Unsound APIs of public `constant::Reader` and `StructSchema`

The safe API functions constant::Reader::get and StructSchema::new rely on PointerReader::getrootunchecked, which can cause undefined behavior UB by constructing arbitrary words or schemas. Reader::get rust pub fn get&self - Result::Reader // ... // UNSAFE: access words without validation...

6AI score
Exploits0Affected Software1
RustSec
RustSec
added 2025/12/03 12:0 p.m.6 views

`evm-units` was removed from crates.io for malicious code

It appeared to be attempting to steal cryptocurrency...

5.3AI score
Exploits0
RustSec
RustSec
added 2025/11/17 12:0 p.m.6 views

hexchat crate is unsound and unmaintained

All versions of this crate have function deregistercommand which can result in use after free. This is unsound. In addition, all versions since 0.3.0 have "safe" macros, which are documented as unsafe to use in threads. In addition, the hexchat crate is no longer actively maintained. If you rely ...

5.4AI score
Exploits0
RustSec
RustSec
added 2025/11/17 12:0 p.m.6 views

rand_os crate is unmaintained

The randos crate is deprecated and no longer actively maintained, as OsRng is now part of randcore. If you are using this crate, consider upgrading to randcore 0.5.1 or higher...

7AI score
Exploits0
RustSec
RustSec
added 2025/10/31 12:0 p.m.6 views

Lack of sufficient checks in public API

The affected function is unsound due to insufficient checks on public struct field...

6.9AI score
Exploits0Affected Software1
RustSec
RustSec
added 2025/10/18 12:0 p.m.6 views

`unic-ucd` is unmaintained

All Unicode crates that are part of https://github.com/open-i18n/rust-unic are unmaintained. Recommended alternatives - icuproperties...

7AI score
Exploits0
RustSec
RustSec
added 2025/10/18 12:0 p.m.6 views

`unic-ucd-category` is unmaintained

All Unicode crates that are part of https://github.com/open-i18n/rust-unic are unmaintained. Recommended alternatives - icuproperties...

7AI score
Exploits0
RustSec
RustSec
added 2025/10/02 12:0 p.m.6 views

soundness issue and unmaintained

All functions under wrflib::byteextract are simply wrapper of unsafe pointer offset and lacks sufficient checks to it pointer and offset parameter. wrflib is unmaintained...

7AI score
Exploits0Affected Software1
RustSec
RustSec
added 2025/09/11 12:0 p.m.6 views

matrix-sdk-base: Panic in the `RoomMember::normalized_power_level()` method

In matrix-sdk-base before 0.14.1, calling the RoomMember::normalizedpowerlevel method can cause a panic if a room member has a power level of Int::Min...

6.9CVSS6.9AI score0.00374EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2025/08/14 12:0 p.m.6 views

IdMap::from_iter may lead to uninitialized memory being freed on drop

Due to a flaw in the constructor idmap::IdMap::fromiter, ill-formed objects may be created in which the amount of actually initialized memory is less than what is expected by the fields of IdMap. Specifically, the field ids is initialized based on the capacity of the vector values, which is...

7.2AI score
Exploits0Affected Software1
RustSec
RustSec
added 2025/08/14 12:0 p.m.6 views

Multiple memory corruption vulnerabilities in safe APIs

The crate has the following vulnerabilities: - The public trait arenavec::common::AllocHandle allows the return of raw pointers through its methods allocate and allocateorextend. However, the trait is not marked as unsafe, meaning users of the crate may implement it under the assumption that the...

7.1AI score
Exploits0Affected Software1
RustSec
RustSec
added 2025/07/11 12:0 p.m.6 views

Uninitialized read after allocating MemBump

The affected function, MemBump::new, would allocate memory without initializing it. Subsequently calling the created value's various alloc methods would then read and write the start of that memory as a Cell which is undefined behavior. Instead, it should zero initialize the start of the allocate...

6.9AI score
Exploits0Affected Software1
RustSec
RustSec
added 2025/05/06 12:0 p.m.6 views

soundness issue and unmaintained

shaman::cryptoutil::writeu64vle and other functions mentioned above cannot garantee memory safety of getunchecked later if both length are zero. shaman is unmaintained...

7.3AI score
Exploits0Affected Software1
RustSec
RustSec
added 2025/05/06 12:0 p.m.6 views

soundness issue and unmaintained

wrenrust::macros::defaultrealloc lacks sufficient checks to it pointer parameter which passed into free and realloc wrenrust is unmaintained...

7AI score
Exploits0Affected Software1
RustSec
RustSec
added 2025/04/08 12:0 p.m.6 views

crossbeam-channel: double free on Drop

The internal Channel type's Drop method has a race which could, in some circumstances, lead to a double-free. This could result in memory corruption. Quoting from the upstream description in merge request \1187: The problem lies in the fact that dicardallmessages contained two paths that could le...

6.5CVSS6.9AI score0.00484EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2025/03/13 12:0 p.m.6 views

Use after free in `Parc` and `Prc` due to missing lifetime constraints

Affected versions of this crate didn't provide sufficient lifetime constraints to conversion functions from alloc::sync::Arc and alloc::rc::Rc, which made it possible to create projections of these reference counted pointers. Unlike the original reference counted pointers, these projections could...

6.7AI score
Exploits0Affected Software1
RustSec
RustSec
added 2025/03/04 12:0 p.m.6 views

`openpgp-card-sequoia` is unmaintained.

The openpgp-card-sequoia crate is no longer actively maintained. You can use the openpgp-card-rpgp crate for OpenPGP card client functionality instead...

7.2AI score
Exploits0
RustSec
RustSec
added 2025/02/16 12:0 p.m.6 views

Denial of Service via malicious Web Push endpoint

Prior to version 0.10.3, the built-in clients of the web-push crate eagerly allocated memory based on the Content-Length header returned by the Web Push endpoint. Malicious Web Push endpoints could return a large Content-Length without ever having to send as much data, leading to denial of servic...

4CVSS7AI score0.00331EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2025/02/10 12:0 p.m.6 views

`rands` was removed from crates.io for malicious code

This crate attempted to typosquat the rand crate, and would link in a malware payload on macOS and Linux hosts when built. This advisory is to retrospectively document this attempted attack. The version information and download records of the malicious crate are no longer available. The related...

5.8AI score
Exploits0
RustSec
RustSec
added 2025/01/15 12:0 p.m.6 views

`root` appended to group listings

Affected versions append root to group listings, unless the correct listing has exactly 1024 groups. This affects both: - The supplementary groups of a user - The group access list of the current process If the caller uses this information for access control, this may lead to privilege escalation...

7.1CVSS6.8AI score0.00166EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2025/01/13 12:0 p.m.6 views

registry is unmaintained

The author has archived the GitHub repository and mentions deprecation in project's README. Possible alternatives windows-registry...

7.2AI score
Exploits0
RustSec
RustSec
added 2024/12/18 12:0 p.m.6 views

Malicious plugin names, recipients, or identities can cause arbitrary binary execution

A plugin name containing a path separator may allow an attacker to execute an arbitrary binary. Such a plugin name can be provided through an attacker-controlled input to the following age APIs when the plugin feature flag is enabled: - age::plugin::Identity::fromstr or equivalently str::parse:: ...

7.3AI score
Exploits0Affected Software1
RustSec
RustSec
added 2024/12/09 12:0 p.m.6 views

gtk-layer-shell-sys GTK3 bindings - no longer maintained

The gtk-layer-shell-sys GTK3 bindings are no longer maintained. The maintainers have archived the repository, and added a note to the crate description and its README.md that the crates are no longer maintained. Please take a look at gtk4-layer-shell instead...

7.1AI score
Exploits0
RustSec
RustSec
added 2024/12/05 12:0 p.m.6 views

Undefined behaviour in `kvm_ioctls::ioctls::vm::VmFd::create_device`

An issue was identified in the VmFd::createdevice function, leading to undefined behavior and miscompilations on rustc 1.82.0 and newer due to the function's violation of Rust's pointer safety rules. The function downcasted a mutable reference to its struct kvmcreatedevice argument to an immutabl...

7.3AI score
Exploits0Affected Software1
RustSec
RustSec
added 2024/11/28 12:0 p.m.6 views

`ruzstd` uninit and out-of-bounds memory reads

Affected versions of ruzstd miscalculate the length of the allocated and init section of its internal RingBuffer, leading to uninitialized or out-of-bounds reads in copybytesovershooting of up to 15 bytes. This may result in up to 15 bytes of memory contents being written into the decoded data wh...

7AI score
Exploits0Affected Software1
RustSec
RustSec
added 2024/11/16 12:0 p.m.6 views

Bias of Polynomial Coefficients in Secret Sharing

Affected versions of this crate allowed for a bias when generating random polynomials for Shamir Secret Sharing, where instead of being within the range 0, 255 they were instead in the range 1, 255. A description from Cure53, who originally found the issue, is available: The correct method to...

7AI score
Exploits0
RustSec
RustSec
added 2024/10/31 12:0 p.m.6 views

Multiple soundness issues

fast-float contains multiple soundness issues: 1. Undefined behavior when checking input length, which has been merged but no package pubished. 1. Many functions marked as safe with non-local safety guarantees The library is also unmaintained. Alternatives For quickly parsing floating-point numbe...

7.2AI score
Exploits0
RustSec
RustSec
added 2024/10/12 12:0 p.m.6 views

Risk of use-after-free in `borrowed` reads from Python weak references

The family of functions to read "borrowed" values from Python weak references were fundamentally unsound, because the weak reference does itself not have ownership of the value. At any point the last strong reference could be cleared and the borrowed value would become dangling. In PyO3 0.22.4...

5.3CVSS6.9AI score0.00204EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2024/10/02 12:0 p.m.6 views

Runtime crash when combining tail calls with stack traces

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-q8hx-mm92-4wvg. For more information see the GitHub-hosted security advisory...

5.5CVSS7AI score0.00244EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2024/09/06 12:0 p.m.6 views

gix-path improperly resolves configuration path reported by Git

Summary gix-path runs git to find the path of a configuration file associated with the git installation, but improperly resolves paths containing unusual or non-ASCII characters, in rare cases enabling a local attacker to inject configuration leading to code execution. Details In gixpath::env, th...

7.2AI score
Exploits0Affected Software1
RustSec
RustSec
added 2024/09/06 12:0 p.m.6 views

webp crate may expose memory contents when encoding an image

Affected versions of this crate did not check that the input slice passed to "webp::Encoder::encode is large enough for the specified image dimensions. If the input slice is too short, the library will read out of bounds of the buffer and encode other memory contents as an image, resulting in...

6.9AI score
Exploits0Affected Software1
RustSec
RustSec
added 2024/09/04 12:0 p.m.6 views

strason is unmaintained

strason will no longer be maintained as declared by the developer. The project has been archived...

7.1AI score
Exploits0
RustSec
RustSec
added 2024/08/22 12:0 p.m.6 views

gitoxide-core does not neutralize special characters for terminals

Summary The gix and ein commands write pathnames and other metadata literally to terminals, even if they contain characters terminals treat specially, including ANSI escape sequences. This sometimes allows an untrusted repository to misrepresent its contents and to alter or concoct error messages...

5.4CVSS7.2AI score0.00448EPSS
Exploits0
RustSec
RustSec
added 2024/08/14 12:0 p.m.6 views

Uncaught exception when transitioning the state of `AsyncGenerator` objects from within a property getter of `then`

A wrong assumption made when handling ECMAScript's AsyncGenerator operations can cause an uncaught exception on certain scripts. Details Boa's implementation of AsyncGenerator makes the assumption that the state of an AsyncGenerator object cannot change while resolving a promise created by method...

8.6CVSS7.2AI score0.00601EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2024/07/26 12:0 p.m.6 views

Shell expansion in custom commands

Summary Undocumented and unpredictable shell expansion and/or quoting rules make it easily to accidentally cause shell injection when using custom commands with starship in bash. Details I wanted to show the git commit name in my prompt I use bash, so I added a command: custom.gitcommitname comma...

7.4CVSS7.5AI score0.00463EPSS
Exploits1Affected Software1
RustSec
RustSec
added 2024/07/24 12:0 p.m.6 views

The kstring integration in gix-attributes is unsound

gix-attributes in state::ValueRef unsafely creates a &str from a &u8 containing non-UTF8 data, with the justification that so long as nothing reads the &str and relies on it being UTF-8 in the &str, there is no UB: rust // SAFETY: our API makes accessing that value as str impossible, so illformed...

7AI score
Exploits0Affected Software1
RustSec
RustSec
added 2024/07/18 12:0 p.m.6 views

`UserIdentity::is_verified` not checking verification status of own user identity while performing the check

The UserIdentity::isverified method in the matrix-sdk-crypto crate before version 0.7.2 doesn't take into account the verification status of the user's own identity while performing the check and may as a result return a value contrary to what is implied by its name and documentation. Impact If t...

5.4CVSS6.9AI score0.0028EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2024/07/18 12:0 p.m.6 views

Ambiguous challenge derivation

Challenge derivation in non-interactive ZK proofs was ambiguous and that could lead to security vulnerability however, it's unknown if it could be exploited...

7.2AI score
Exploits0Affected Software1
RustSec
RustSec
added 2024/07/18 12:0 p.m.6 views

op_panic in the base runtime can force a panic in the runtime's containing thread

Affected versions use denocore releases that expose Deno.core.ops.oppanic to the JS runtime in the base core This function when called triggers a manual panic in the thread containing the runtime. It can be fixed by stubbing out the exposed op: javascript Deno.core.ops.oppanic = msg = throw new...

7AI score
Exploits0Affected Software1
RustSec
RustSec
added 2024/07/17 12:0 p.m.6 views

Usage of non-constant time base64 decoder could lead to leakage of secret key material

Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and PkDecryption Ed25519 secret keys. This flaw might allow an attacker to infer some information about the secret key material through a side-channel attack. Impa...

2.9CVSS6.8AI score0.00201EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2024/07/06 12:0 p.m.6 views

Dump Undefined Memory by `JitDumpFile`

The unsound function dumpcodeloadrecord uses fromrawparts to directly convert the pointer addr and len into a slice without any validation and that memory block would be dumped. Thus, the 'safe' function dumpcodeloadrecord is actually 'unsafe' since it requires the caller to guarantee that the ad...

7AI score
Exploits0Affected Software1
RustSec
RustSec
added 2024/07/03 12:0 p.m.6 views

`openslide` is unmaintained

The openslide crate is no longer maintained. Last release was on 2018-11-20. Possible alternatives Consider using an alternative, for instance: - openslide-rs - pamly...

7.2AI score
Exploits0
RustSec
RustSec
added 2024/07/01 12:0 p.m.6 views

Incorrect usage of `#[repr(packed)]`

The affected versions make unsafe memory accesses under the assumption that reprpacked has a guaranteed field order. The Rust specification does not guarantee this, and https://github.com/rust-lang/rust/pull/125360 1.80.0-beta starts reordering fields of reprpacked structs, leading to illegal...

7AI score
Exploits0Affected Software1
RustSec
RustSec
added 2024/05/22 12:0 p.m.6 views

Traversal outside working tree enables arbitrary code execution

Summary During checkout, gitoxide does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. Details Although gix-worktree-state checks for collisions with existing files, it does not...

8.8CVSS8AI score0.00816EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2024/05/15 12:0 p.m.6 views

Tor path lengths too short when "full Vanguards" configured

Description When building anonymizing circuits to or from an onion service with full vanguards enabled, the circuit manager code would build the circuits with one hop too few. Impact This makes users of this code more vulnerable to some kinds of traffic analysis when they run or visit onion...

7.3CVSS7.2AI score0.00298EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2024/05/15 12:0 p.m.6 views

Tor path lengths too short when "Vanguards lite" configured

Description When building anonymizing circuits to or from an onion service with 'lite' vanguards the default enabled, the circuit manager code would build the circuits with one hop too few. Impact This makes users of this code more vulnerable to some kinds of traffic analysis when they run or vis...

6.2CVSS7.2AI score0.00186EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2024/04/19 12:0 p.m.6 views

`rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input

If a closenotify alert is received during a handshake, completeio does not terminate. Callers which do not call completeio are not affected. rustls-tokio and rustls-ffi do not call completeio and are not affected. rustls::Stream and rustls::StreamOwned types use completeio and are affected...

7.5CVSS7.1AI score0.00949EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2024/04/03 12:0 p.m.6 views

Degradation of service in h2 servers with CONTINUATION Flood

An attacker can send a flood of CONTINUATION frames, causing h2 to process them indefinitely. This results in an increase in CPU usage. Tokio task budget helps prevent this from a complete denial-of-service, as the server can still respond to legitimate requests, albeit with increased latency. Mo...

7AI score
Exploits0Affected Software1
Total number of security vulnerabilities1141