1141 matches found
KyberSlash: division timings depending on secrets
Various Kyber software libraries in various environments leak secret information into timing, specifically because these libraries include a line of code that divides a secret numerator by a public denominator, the number of CPU cycles for division in various environments varies depending on the...
Plaintext exposed in decrypt_in_place_detached even on tag verification failure
Summary In the AES GCM implementation of decryptinplacedetached, the decrypted ciphertext i.e. the correct plaintext is exposed even if tag verification fails. Impact If a program using the aes-gcm crate's decryptinplace APIs accesses the buffer after decryption failure, it will contain a...
`hann-rs-service` was removed from crates.io for malicious code
This crate was part of a typosquatting malware cluster published by the user TerryDavisSoldier to run an arbitrary malware payload on Windows hosts. This advisory is to retrospectively document this attempted attack. The version information and download records of the malicious crate are no longe...
`monero-api` was removed from crates.io for malicious code
This crate was part of a typosquatting malware cluster published by the user Kraded to run an arbitrary malware payload on Windows hosts. This advisory is to retrospectively document this attempted attack. The version information and download records of the malicious crate are no longer available...
`fehler` is unmaintained; use `culpa` instead
The fehler crate is no longer maintained. Consider using culpa instead...
Fails to prohibit standard library access prior to initialization of Rust standard library runtime
Affected versions allow arbitrary caller-provided code to execute before the lifetime of main. If the caller-provided code accesses particular pieces of the standard library that require an initialized Rust runtime, such as std::io or std::thread, these may not behave as documented. Panics are...
Multiple soundness issues
lexical contains multiple soundness issues: 1. Bytes::read allows creating instances of types with invalid bit patterns 1. BytesIter::read advances iterators out of bounds 1. The BytesIter trait has safety invariants but is public and not marked unsafe 1. writefloat calls MaybeUninit::assumeinit ...
Multiple soundness issues
RUSTSEC-2024-0377 contains multiple soundness issues: 1. Bytes::read allows creating instances of types with invalid bit patterns 1. BytesIter::read advances iterators out of bounds 1. The BytesIter trait has safety invariants but is public and not marked unsafe 1. writefloat calls...
`xrvrv` was removed from crates.io for malicious code
This crate was part of a typosquatting malware cluster published by the malicious user amaperf and contained a malware payload in build.rs to exfiltrate host information to the attacker. This advisory is to retrospectively document this attempted attack. The version information and download recor...
`envlogger` was removed from crates.io for malicious code
This crate was part of a typosquatting malware cluster published by the malicious user amaperf and contained a malware payload in build.rs to exfiltrate host information to the attacker. This advisory is to retrospectively document this attempted attack. The version information and download recor...
`lazystatic` was removed from crates.io for malicious code
This crate was part of a typosquatting malware cluster published by the malicious user amaperf and contained a malware payload in build.rs to exfiltrate host information to the attacker. This advisory is to retrospectively document this attempted attack. The version information and download recor...
`tui` is unmaintained; use `ratatui` instead
The tui crate is no longer maintained. Consider using the ratatui crate instead...
Undefined Behavior in Rust runtime functions
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-ch89-5g45-qwc7. For more information see the GitHub-hosted security advisory...
Data leakage between instances in the pooling allocator
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-wh6w-3828-g9qf. For more information see the GitHub-hosted security advisory...
Miscompilation of `i8x16.swizzle` and `select` with v128 inputs
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-jqwc-c49r-4w2x. For more information see the GitHub-hosted security advisory...
Invalid drop of VMExternRef from partially-initialized instances in the pooling instance allocator
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-88xq-w8cq-xfg7. For more information see the GitHub-hosted security advisory...
`structopt` is in maintenance mode
structopt has been in maintenance mode, with no new development planned, since at least February of 2022. The status of structopt is discussed in a pinned issue. Recommended alternative The structopt derive wrapper was incorporated into clap v3. There is a migration guideclap-migration for...
All-Zero Key Generation on Catastrophic RNG Failure
The libcrux-ed25519 key generation samples Ed25519 secret keys from a provided CSPRNG in a loop for up to 100 attempts until a non-zero key is found. If a non-zero key could not be sampled within 100 attempts the key generation function would silently continue with an all-zero buffer as the secre...
Incorrect Output of Incremental Portable SHAKE API
The incremental squeeze functions in the portable SHAKE XOF API, when attempting to squeeze more than RATE 168 for SHAKE128, 136 for SHAKE256 bytes, performed an additional permutation of the state before producing the first output block, thus discarding the first block of RATE bytes of valid XOF...
Timing Side-Channel in AES-CCM Tag Verification in AWS-LC
Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. The impacted implementations are through the EVP CIPHER API: EVPaes128ccm, EVPaes192ccm, and EVPaes256ccm. Customers of AWS servic...
Underflow in aes_key_unwrap function
The aeskeyunwrap function would panic if passed a ciphertext that was too short. In a debug build, it would panic due to a subtraction underflow. In a release build, it would use the small negative quantity to allocate a vector. Since the allocator expects an unsigned quantity, the negative value...
`unic-char` is unmaintained
All Unicode crates that are part of https://github.com/open-i18n/rust-unic are unmaintained. Recommended alternatives - icuproperties...
`unic-ucd-block` is unmaintained
All Unicode crates that are part of https://github.com/open-i18n/rust-unic are unmaintained...
`unic-utils` is unmaintained
All Unicode crates that are part of https://github.com/open-i18n/rust-unic are unmaintained...
matrix-sdk-base: Panic in the `RoomMember::normalized_power_level()` method
In matrix-sdk-base before 0.14.1, calling the RoomMember::normalizedpowerlevel method can cause a panic if a room member has a power level of Int::Min...
async-std has been discontinued
The async-std has been discontinued. Alternatives: - smol...
User-defined implementations of the safe trait scratchpad::Tracking can cause heap buffer overflows
The get and set methods of the public trait scratchpad::Tracking interact with unsafe code regions in the crate, and they influence the computation of addresses returned as raw pointers. However, the trait itself is not marked as unsafe, meaning users may provide custom implementations under the...
Out of bounds write triggered by crafted coverage data
Function grcov::covdir::getcoverage uses the unsafe function getuncheckedmut without validating that the index is in bounds. This results in memory corruption, and could potentially allow arbitrary code execution provided that an attacker can feed the tool crafted coverage data...
Segmentation fault due to lack of bound check
In this case, the "fastfloat2::common::AsciiStr::first" method within the "AsciiStr" struct uses the unsafe keyword to reading from memory without performing bounds checking. Specifically, it directly dereferences a pointer offset by "self.ptr". Because of the above reason, the method accesses...
Unsound usages of `core::slice::from_raw_parts`
We consider asslice and asslicemut unsound because: the pointer with any bit patterns could be cast to the slice of arbitrary types. The pointer could be created by unsafe new and deprecated fromparts. We consider that fromparts should be removed in latest version because it will help trigger...
Unsound usages of `Vec::from_raw_parts`
The library provides a public safe API transmutevecasbytes, which incorrectly assumes that any generic type T could have stable layout, causing to uninitialized memory exposure if the users pass any types with padding bytes as T and cast it to u8 pointer. In the issue, we develop a PoC to show...
`idna` accepts Punycode labels that do not produce any non-ASCII when decoded
idna 0.5.0 and earlier accepts Punycode labels that do not produce any non-ASCII output, which means that either ASCII labels or the empty root label can be masked such that they appear unequal without IDNA processing or when processed with a different implementation and equal when processed with...
Undefined behaviour in `kvm_ioctls::ioctls::vm::VmFd::create_device`
An issue was identified in the VmFd::createdevice function, leading to undefined behavior and miscompilations on rustc 1.82.0 and newer due to the function's violation of Rust's pointer safety rules. The function downcasted a mutable reference to its struct kvmcreatedevice argument to an immutabl...
Unsound usages of `std::slice::from_raw_parts`
The library breaks the safety assumptions when using unsafe API std::slice::fromrawparts. First, when using the API in iterator implementation TempFdArrayIterator.next, generic type could be any type, which would create and pass a misaligned pointer to the unsafe API. Second, when validating the...
Denial of service because of stack overflow with malicious decompression input
A denial of service vulnerability was found in zlib-rs, triggered by specially constructed input. This input causes a stack overflow, resulting in the process using zlib-rs to crash. Impact Due to the way LLVM handles the zlib-rs codebase, tail calls were not guaranteed. This caused certain input...
Multiple soundness issues
fast-float contains multiple soundness issues: 1. Undefined behavior when checking input length, which has been merged but no package pubished. 1. Many functions marked as safe with non-local safety guarantees The library is also unmaintained. Alternatives For quickly parsing floating-point numbe...
Risk of use-after-free in `borrowed` reads from Python weak references
The family of functions to read "borrowed" values from Python weak references were fundamentally unsound, because the weak reference does itself not have ownership of the value. At any point the last strong reference could be cleared and the borrowed value would become dangling. In PyO3 0.22.4...
Heap Buffer overflow using c_chars_to_str function
The heap-buffer-overflow is triggered in the strlen function when handling the ccharstostr function in the dbn crate. This vulnerability occurs because the CStr::fromptr function in Rust assumes that the provided C string is null-terminated. However, there is no guarantee that the input chars arr...
Race condition could lead to WebAssembly control-flow integrity and type safety violations
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-7qmx-3fpx-r45m. For more information see the GitHub-hosted security advisory...
Runtime crash when combining tail calls with stack traces
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-q8hx-mm92-4wvg. For more information see the GitHub-hosted security advisory...
get-size-derive is unmaintained
get-size-derive's maintainer seems to be unreachable, with no commits and releases pushed for 1 year and no activity on the GitHub repo. get-size-derive also depends on attribute-derive ^0.6 a version of the crate which uses the yanked crate proc-macro-error. Possible Alternatives - get-size-deri...
Unsoundness in anstream
When given a valid UTF8 string "ö\x1b😀", the function in crates/anstream/src/adapter/strip.rs will be confused. The UTF8 bytes are \xc3\xb6 then \x1b then \xf0\x9f\x98\x80. When looping over "non-printable bytes" \x1b\xf0 will be considered as some non-printable sequence. This will produce a brok...
`cw0` is unmaintained
The crate cw0 was first renamed to utils in 2021 and then to cw-utils because utils was already claimed on crates.io. The crate cw0 is not maintained anymore since then and should be replaced with cw-utils...
minitrace is Unmaintained
The minitrace maintainers have decided to continue the development of minitrace under a new organizational structure to improve community governance. In the meantime, minitrace will no longer be maintained. For more details, refer to tikv/minitrace-rust229. Possible Alternatives fastrace is...
`XmpFile::close` can trigger UB
Affected versions of the crate failed to catch C++ exceptions raised within the XmpFile::close function. If such an exception occured, it would trigger undefined behavior, typically a process abort. This is best demonstrated in issue 230, where a race condition causes the close call to fail due t...
Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files
Exposure of temporary credentials in logs in Apache Arrow Rust Object Store, version 0.10.1 and earlier on all platforms using AWS WebIdentityTokens. On certain error conditions, the logs may contain the OIDC token passed to AssumeRoleWithWebIdentity. This allows someone with access to the logs t...
op_panic in the base runtime can force a panic in the runtime's containing thread
Affected versions use denocore releases that expose Deno.core.ops.oppanic to the JS runtime in the base core This function when called triggers a manual panic in the thread containing the runtime, breaking sandboxing It can be fixed by stubbing out the exposed op: javascript Deno.core.ops.oppanic...
Ambiguous challenge derivation
Challenge derivation in non-interactive ZK proofs was ambiguous and that could lead to security vulnerability however, it's unknown if it could be exploited...
Incorrect usage of `#[repr(packed)]`
The affected versions make unsafe memory accesses under the assumption that reprpacked has a guaranteed field order. The Rust specification does not guarantee this, and https://github.com/rust-lang/rust/pull/125360 1.80.0-beta starts reordering fields of reprpacked structs, leading to illegal...
Low severity (DoS) vulnerability in sequoia-openpgp
There is a denial-of-service vulnerability in sequoia-openpgp, our crate providing a low-level interface to our OpenPGP implementation. When triggered, the process will enter an infinite loop. Many thanks to Andrew Gallagher for disclosing the issue to us. Impact Any software directly or indirect...