Lucene search
K
RustsecMost viewed

1141 matches found

RustSec
RustSec
added 2023/12/01 12:0 p.m.6 views

KyberSlash: division timings depending on secrets

Various Kyber software libraries in various environments leak secret information into timing, specifically because these libraries include a line of code that divides a secret numerator by a public denominator, the number of CPU cycles for division in various environments varies depending on the...

7AI score
Exploits0
RustSec
RustSec
added 2023/11/22 12:0 p.m.6 views

Plaintext exposed in decrypt_in_place_detached even on tag verification failure

Summary In the AES GCM implementation of decryptinplacedetached, the decrypted ciphertext i.e. the correct plaintext is exposed even if tag verification fails. Impact If a program using the aes-gcm crate's decryptinplace APIs accesses the buffer after decryption failure, it will contain a...

5.5CVSS7.1AI score0.00262EPSS
Exploits1Affected Software1
RustSec
RustSec
added 2023/11/18 12:0 p.m.6 views

`hann-rs-service` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the user TerryDavisSoldier to run an arbitrary malware payload on Windows hosts. This advisory is to retrospectively document this attempted attack. The version information and download records of the malicious crate are no longe...

5.9AI score
Exploits0
RustSec
RustSec
added 2023/11/15 12:0 p.m.6 views

`monero-api` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the user Kraded to run an arbitrary malware payload on Windows hosts. This advisory is to retrospectively document this attempted attack. The version information and download records of the malicious crate are no longer available...

5.9AI score
Exploits0
RustSec
RustSec
added 2023/10/12 12:0 p.m.6 views

`fehler` is unmaintained; use `culpa` instead

The fehler crate is no longer maintained. Consider using culpa instead...

7.2AI score
Exploits0
RustSec
RustSec
added 2023/09/10 12:0 p.m.6 views

Fails to prohibit standard library access prior to initialization of Rust standard library runtime

Affected versions allow arbitrary caller-provided code to execute before the lifetime of main. If the caller-provided code accesses particular pieces of the standard library that require an initialized Rust runtime, such as std::io or std::thread, these may not behave as documented. Panics are...

7.6AI score
Exploits0Affected Software1
RustSec
RustSec
added 2023/09/03 12:0 p.m.6 views

Multiple soundness issues

lexical contains multiple soundness issues: 1. Bytes::read allows creating instances of types with invalid bit patterns 1. BytesIter::read advances iterators out of bounds 1. The BytesIter trait has safety invariants but is public and not marked unsafe 1. writefloat calls MaybeUninit::assumeinit ...

7.2AI score
Exploits0Affected Software1
RustSec
RustSec
added 2023/09/03 12:0 p.m.6 views

Multiple soundness issues

RUSTSEC-2024-0377 contains multiple soundness issues: 1. Bytes::read allows creating instances of types with invalid bit patterns 1. BytesIter::read advances iterators out of bounds 1. The BytesIter trait has safety invariants but is public and not marked unsafe 1. writefloat calls...

7.3AI score
Exploits0Affected Software1
RustSec
RustSec
added 2023/08/16 12:0 p.m.6 views

`xrvrv` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the malicious user amaperf and contained a malware payload in build.rs to exfiltrate host information to the attacker. This advisory is to retrospectively document this attempted attack. The version information and download recor...

5.8AI score
Exploits0
RustSec
RustSec
added 2023/08/16 12:0 p.m.6 views

`envlogger` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the malicious user amaperf and contained a malware payload in build.rs to exfiltrate host information to the attacker. This advisory is to retrospectively document this attempted attack. The version information and download recor...

5.8AI score
Exploits0
RustSec
RustSec
added 2023/08/16 12:0 p.m.6 views

`lazystatic` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the malicious user amaperf and contained a malware payload in build.rs to exfiltrate host information to the attacker. This advisory is to retrospectively document this attempted attack. The version information and download recor...

5.8AI score
Exploits0
RustSec
RustSec
added 2023/08/07 12:0 p.m.6 views

`tui` is unmaintained; use `ratatui` instead

The tui crate is no longer maintained. Consider using the ratatui crate instead...

7.2AI score
Exploits0
RustSec
RustSec
added 2023/04/21 12:0 p.m.6 views

Undefined Behavior in Rust runtime functions

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-ch89-5g45-qwc7. For more information see the GitHub-hosted security advisory...

8.8CVSS7AI score0.0045EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2022/11/05 12:0 p.m.6 views

Data leakage between instances in the pooling allocator

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-wh6w-3828-g9qf. For more information see the GitHub-hosted security advisory...

8.6CVSS7AI score0.00657EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2022/06/27 12:0 p.m.6 views

Miscompilation of `i8x16.swizzle` and `select` with v128 inputs

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-jqwc-c49r-4w2x. For more information see the GitHub-hosted security advisory...

6.8CVSS7AI score0.01625EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2022/02/17 12:0 p.m.6 views

Invalid drop of VMExternRef from partially-initialized instances in the pooling instance allocator

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-88xq-w8cq-xfg7. For more information see the GitHub-hosted security advisory...

8.1CVSS7AI score0.00772EPSS
Exploits1Affected Software1
RustSec
RustSec
added 2022/02/08 12:0 p.m.6 views

`structopt` is in maintenance mode

structopt has been in maintenance mode, with no new development planned, since at least February of 2022. The status of structopt is discussed in a pinned issue. Recommended alternative The structopt derive wrapper was incorporated into clap v3. There is a migration guideclap-migration for...

5.7AI score
Exploits0
RustSec
RustSec
added 2026/03/04 12:0 p.m.5 views

All-Zero Key Generation on Catastrophic RNG Failure

The libcrux-ed25519 key generation samples Ed25519 secret keys from a provided CSPRNG in a loop for up to 100 attempts until a non-zero key is found. If a non-zero key could not be sampled within 100 attempts the key generation function would silently continue with an all-zero buffer as the secre...

5.9AI score
Exploits0Affected Software1
RustSec
RustSec
added 2026/03/04 12:0 p.m.5 views

Incorrect Output of Incremental Portable SHAKE API

The incremental squeeze functions in the portable SHAKE XOF API, when attempting to squeeze more than RATE 168 for SHAKE128, 136 for SHAKE256 bytes, performed an additional permutation of the state before producing the first output block, thus discarding the first block of RATE bytes of valid XOF...

5.8AI score
Exploits0Affected Software1
RustSec
RustSec
added 2026/03/02 12:0 p.m.5 views

Timing Side-Channel in AES-CCM Tag Verification in AWS-LC

Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. The impacted implementations are through the EVP CIPHER API: EVPaes128ccm, EVPaes192ccm, and EVPaes256ccm. Customers of AWS servic...

8.2CVSS7.5AI score0.01079EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2025/11/07 12:0 p.m.5 views

Underflow in aes_key_unwrap function

The aeskeyunwrap function would panic if passed a ciphertext that was too short. In a debug build, it would panic due to a subtraction underflow. In a release build, it would use the small negative quantity to allocate a vector. Since the allocator expects an unsigned quantity, the negative value...

5.3CVSS6.9AI score0.00302EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2025/10/18 12:0 p.m.5 views

`unic-char` is unmaintained

All Unicode crates that are part of https://github.com/open-i18n/rust-unic are unmaintained. Recommended alternatives - icuproperties...

7AI score
Exploits0
RustSec
RustSec
added 2025/10/18 12:0 p.m.5 views

`unic-ucd-block` is unmaintained

All Unicode crates that are part of https://github.com/open-i18n/rust-unic are unmaintained...

7AI score
Exploits0
RustSec
RustSec
added 2025/10/18 12:0 p.m.5 views

`unic-utils` is unmaintained

All Unicode crates that are part of https://github.com/open-i18n/rust-unic are unmaintained...

7AI score
Exploits0
RustSec
RustSec
added 2025/09/11 12:0 p.m.5 views

matrix-sdk-base: Panic in the `RoomMember::normalized_power_level()` method

In matrix-sdk-base before 0.14.1, calling the RoomMember::normalizedpowerlevel method can cause a panic if a room member has a power level of Int::Min...

6.9CVSS6.9AI score0.00374EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2025/08/24 12:0 p.m.5 views

async-std has been discontinued

The async-std has been discontinued. Alternatives: - smol...

7.2AI score
Exploits0
RustSec
RustSec
added 2025/08/14 12:0 p.m.5 views

User-defined implementations of the safe trait scratchpad::Tracking can cause heap buffer overflows

The get and set methods of the public trait scratchpad::Tracking interact with unsafe code regions in the crate, and they influence the computation of addresses returned as raw pointers. However, the trait itself is not marked as unsafe, meaning users may provide custom implementations under the...

7.8AI score
Exploits0Affected Software1
RustSec
RustSec
added 2025/01/13 12:0 p.m.5 views

Out of bounds write triggered by crafted coverage data

Function grcov::covdir::getcoverage uses the unsafe function getuncheckedmut without validating that the index is in bounds. This results in memory corruption, and could potentially allow arbitrary code execution provided that an attacker can feed the tool crafted coverage data...

7.6AI score
Exploits0Affected Software1
RustSec
RustSec
added 2025/01/13 12:0 p.m.5 views

Segmentation fault due to lack of bound check

In this case, the "fastfloat2::common::AsciiStr::first" method within the "AsciiStr" struct uses the unsafe keyword to reading from memory without performing bounds checking. Specifically, it directly dereferences a pointer offset by "self.ptr". Because of the above reason, the method accesses...

7.4AI score
Exploits0Affected Software1
RustSec
RustSec
added 2024/12/23 12:0 p.m.5 views

Unsound usages of `core::slice::from_raw_parts`

We consider asslice and asslicemut unsound because: the pointer with any bit patterns could be cast to the slice of arbitrary types. The pointer could be created by unsafe new and deprecated fromparts. We consider that fromparts should be removed in latest version because it will help trigger...

7.2AI score
Exploits0Affected Software1
RustSec
RustSec
added 2024/12/19 12:0 p.m.5 views

Unsound usages of `Vec::from_raw_parts`

The library provides a public safe API transmutevecasbytes, which incorrectly assumes that any generic type T could have stable layout, causing to uninitialized memory exposure if the users pass any types with padding bytes as T and cast it to u8 pointer. In the issue, we develop a PoC to show...

7AI score
Exploits0Affected Software1
RustSec
RustSec
added 2024/12/09 12:0 p.m.5 views

`idna` accepts Punycode labels that do not produce any non-ASCII when decoded

idna 0.5.0 and earlier accepts Punycode labels that do not produce any non-ASCII output, which means that either ASCII labels or the empty root label can be masked such that they appear unequal without IDNA processing or when processed with a different implementation and equal when processed with...

8.8CVSS7.2AI score0.00201EPSS
Exploits1Affected Software1
RustSec
RustSec
added 2024/12/05 12:0 p.m.5 views

Undefined behaviour in `kvm_ioctls::ioctls::vm::VmFd::create_device`

An issue was identified in the VmFd::createdevice function, leading to undefined behavior and miscompilations on rustc 1.82.0 and newer due to the function's violation of Rust's pointer safety rules. The function downcasted a mutable reference to its struct kvmcreatedevice argument to an immutabl...

7.3AI score
Exploits0Affected Software1
RustSec
RustSec
added 2024/12/04 12:0 p.m.5 views

Unsound usages of `std::slice::from_raw_parts`

The library breaks the safety assumptions when using unsafe API std::slice::fromrawparts. First, when using the API in iterator implementation TempFdArrayIterator.next, generic type could be any type, which would create and pass a misaligned pointer to the unsafe API. Second, when validating the...

7.5AI score
Exploits0Affected Software1
RustSec
RustSec
added 2024/11/14 12:0 p.m.5 views

Denial of service because of stack overflow with malicious decompression input

A denial of service vulnerability was found in zlib-rs, triggered by specially constructed input. This input causes a stack overflow, resulting in the process using zlib-rs to crash. Impact Due to the way LLVM handles the zlib-rs codebase, tail calls were not guaranteed. This caused certain input...

7.6AI score
Exploits0Affected Software1
RustSec
RustSec
added 2024/10/31 12:0 p.m.5 views

Multiple soundness issues

fast-float contains multiple soundness issues: 1. Undefined behavior when checking input length, which has been merged but no package pubished. 1. Many functions marked as safe with non-local safety guarantees The library is also unmaintained. Alternatives For quickly parsing floating-point numbe...

7.2AI score
Exploits0
RustSec
RustSec
added 2024/10/12 12:0 p.m.5 views

Risk of use-after-free in `borrowed` reads from Python weak references

The family of functions to read "borrowed" values from Python weak references were fundamentally unsound, because the weak reference does itself not have ownership of the value. At any point the last strong reference could be cleared and the borrowed value would become dangling. In PyO3 0.22.4...

5.3CVSS6.9AI score0.00204EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2024/10/07 12:0 p.m.5 views

Heap Buffer overflow using c_chars_to_str function

The heap-buffer-overflow is triggered in the strlen function when handling the ccharstostr function in the dbn crate. This vulnerability occurs because the CStr::fromptr function in Rust assumes that the provided C string is null-terminated. However, there is no guarantee that the input chars arr...

7.3AI score
Exploits0Affected Software1
RustSec
RustSec
added 2024/10/03 12:0 p.m.5 views

Race condition could lead to WebAssembly control-flow integrity and type safety violations

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-7qmx-3fpx-r45m. For more information see the GitHub-hosted security advisory...

2.9CVSS7AI score0.00152EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2024/10/02 12:0 p.m.5 views

Runtime crash when combining tail calls with stack traces

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-q8hx-mm92-4wvg. For more information see the GitHub-hosted security advisory...

5.5CVSS7AI score0.00244EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2024/09/15 12:0 p.m.5 views

get-size-derive is unmaintained

get-size-derive's maintainer seems to be unreachable, with no commits and releases pushed for 1 year and no activity on the GitHub repo. get-size-derive also depends on attribute-derive ^0.6 a version of the crate which uses the yanked crate proc-macro-error. Possible Alternatives - get-size-deri...

7.1AI score
Exploits0
RustSec
RustSec
added 2024/09/08 12:0 p.m.5 views

Unsoundness in anstream

When given a valid UTF8 string "ö\x1b😀", the function in crates/anstream/src/adapter/strip.rs will be confused. The UTF8 bytes are \xc3\xb6 then \x1b then \xf0\x9f\x98\x80. When looping over "non-printable bytes" \x1b\xf0 will be considered as some non-printable sequence. This will produce a brok...

7.2AI score
Exploits0Affected Software1
RustSec
RustSec
added 2024/08/26 12:0 p.m.5 views

`cw0` is unmaintained

The crate cw0 was first renamed to utils in 2021 and then to cw-utils because utils was already claimed on crates.io. The crate cw0 is not maintained anymore since then and should be replaced with cw-utils...

7AI score
Exploits0
RustSec
RustSec
added 2024/08/14 12:0 p.m.5 views

minitrace is Unmaintained

The minitrace maintainers have decided to continue the development of minitrace under a new organizational structure to improve community governance. In the meantime, minitrace will no longer be maintained. For more details, refer to tikv/minitrace-rust229. Possible Alternatives fastrace is...

7.1AI score
Exploits0
RustSec
RustSec
added 2024/07/26 12:0 p.m.5 views

`XmpFile::close` can trigger UB

Affected versions of the crate failed to catch C++ exceptions raised within the XmpFile::close function. If such an exception occured, it would trigger undefined behavior, typically a process abort. This is best demonstrated in issue 230, where a race condition causes the close call to fail due t...

7AI score
Exploits0Affected Software1
RustSec
RustSec
added 2024/07/23 12:0 p.m.5 views

Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files

Exposure of temporary credentials in logs in Apache Arrow Rust Object Store, version 0.10.1 and earlier on all platforms using AWS WebIdentityTokens. On certain error conditions, the logs may contain the OIDC token passed to AssumeRoleWithWebIdentity. This allows someone with access to the logs t...

7.5CVSS7.3AI score0.0071EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2024/07/18 12:0 p.m.5 views

op_panic in the base runtime can force a panic in the runtime's containing thread

Affected versions use denocore releases that expose Deno.core.ops.oppanic to the JS runtime in the base core This function when called triggers a manual panic in the thread containing the runtime, breaking sandboxing It can be fixed by stubbing out the exposed op: javascript Deno.core.ops.oppanic...

7AI score
Exploits0
RustSec
RustSec
added 2024/07/18 12:0 p.m.5 views

Ambiguous challenge derivation

Challenge derivation in non-interactive ZK proofs was ambiguous and that could lead to security vulnerability however, it's unknown if it could be exploited...

7.2AI score
Exploits0Affected Software1
RustSec
RustSec
added 2024/07/01 12:0 p.m.5 views

Incorrect usage of `#[repr(packed)]`

The affected versions make unsafe memory accesses under the assumption that reprpacked has a guaranteed field order. The Rust specification does not guarantee this, and https://github.com/rust-lang/rust/pull/125360 1.80.0-beta starts reordering fields of reprpacked structs, leading to illegal...

7AI score
Exploits0Affected Software1
RustSec
RustSec
added 2024/06/26 12:0 p.m.5 views

Low severity (DoS) vulnerability in sequoia-openpgp

There is a denial-of-service vulnerability in sequoia-openpgp, our crate providing a low-level interface to our OpenPGP implementation. When triggered, the process will enter an infinite loop. Many thanks to Andrew Gallagher for disclosing the issue to us. Impact Any software directly or indirect...

7.5CVSS7.1AI score0.00361EPSS
Exploits1Affected Software1
Total number of security vulnerabilities1141