1141 matches found
Degraded secret zeroization capabilities
Versions 0.5.0 and 0.5.1 of vodozemac have degraded secret zeroization capabilities, due to changes in third-party cryptographic dependencies the Dalek crates, which moved secret zeroization capabilities behind a feature flag while vodozemac disabled the default feature set. Impact The degraded...
Arithmetic overflows in cosmwasm-std
Some mathematical operations in cosmwasm-std use wrapping math instead of panicking on overflow for very big numbers. This can lead to wrong calculations in contracts that use these operations. Affected functions: - Uint256,512::pow / Int256,512::pow - Int256,512::neg Affected if overflow-checks ...
`rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input
If a closenotify alert is received during a handshake, completeio does not terminate. Callers which do not call completeio are not affected. rustls-tokio and rustls-ffi do not call completeio and are not affected. rustls::Stream and rustls::StreamOwned types use completeio and are affected...
gix-transport indirect code execution via malicious username
Summary gix-transport does not check the username part of a URL for text that the external ssh program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clone URL is used by an application whose...
`rsa-export` is unmaintained
This crate has been deprecated in favour of using the native support for exporting RSA keys into the standard PEM format. See docs.rs documentation. In addition to that, the operations in this crate arithmetic and Base64 encoding are not done in constant-time, potentially exposing the user to...
Puccinier is unmainted.
The tool has been deprecated in favor of Catppuccin's new tool, whiskers crates.io...
gtk-rs GTK3 bindings - no longer maintained
The gtk-rs GTK3 bindings are no longer maintained. The maintainers have archived the repository, and added a note to the crate description and its README.md that the crates are no longer maintained. Please take a look at gtk4-rs instead...
gtk-rs GTK3 bindings - no longer maintained
The gtk-rs GTK3 bindings are no longer maintained. The maintainers have archived the repository, and added a note to the crate description and its README.md that the crates are no longer maintained. Please take a look at gtk4-rs instead...
gtk-rs GTK3 bindings - no longer maintained
The gtk-rs GTK3 bindings are no longer maintained. The maintainers have archived the repository, and added a note to the crate description and its README.md that the crates are no longer maintained. Please take a look at gtk4-rs instead...
gtk-rs GTK3 bindings - no longer maintained
The gtk-rs GTK3 bindings are no longer maintained. The maintainers have archived the repository, and added a note to the crate description and its README.md that the crates are no longer maintained. Please take a look at gtk4-rs instead...
gtk-rs GTK3 bindings - no longer maintained
The gtk-rs GTK3 bindings are no longer maintained. The maintainers have archived the repository, and added a note to the crate description and its README.md that the crates are no longer maintained. Please take a look at gtk4-rs instead...
Memory corruption, denial of service, and arbitrary code execution in libgit2
The libgit2 project fixed three security issues in the 1.7.2 release. These issues are: The gitrevparsesingle function can potentially enter an infinite loop on a well-crafted input, potentially causing a Denial of Service. This function is exposed in the git2 crate via the...
Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)
An attacker with an HTTP/2 connection to an affected endpoint can send a steady stream of invalid frames to force the generation of reset frames on the victim endpoint. By closing their recv window, the attacker could then force these resets to be queued in an unbounded fashion, resulting in Out ...
Unsound use of str::from_utf8_unchecked on bytes which are not UTF-8
Affected versions receive a &u8 from the caller through a safe API, and pass it directly to the unsafe str::fromutf8unchecked function. The behavior of ferrissays::say is undefined if the bytes from the caller don't happen to be valid UTF-8. The flaw was corrected in ferris-says21 by using the sa...
Missing facility to signal rotation of a verified cryptographic identity
Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applications relying on the SDK to overlook such changes. matrix-sdk-crypto 0.8.0 adds a n...
`serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access
Impact An issue was discovered in the FamStructWrapper::deserialize implementation provided by the crate for vmmsysutil::fam::FamStructWrapper, which can lead to out of bounds memory accesses. The deserialization does not check that the length stored in the header matches the flexible array lengt...
Some Ref methods are unsound with some type parameters
The Ref methods intoref, intomut, intoslice, and intoslicemut are unsound and may allow safe code to exhibit undefined behavior when used with Ref where B is cell::Ref or cell::RefMut. Note that these methods remain sound when used with B types other than cell::Ref or cell::RefMut. See...
Infinite decoding loop through specially crafted payload
The Candid library causes a Denial of Service while parsing a specially crafted payload with empty data type. For example, if the payload is record ; empty and the canister interface expects record then the rust candid decoder treats empty as an extra field required by the type. The problem with...
`openssl` `X509StoreRef::objects` is unsound
This function returned a shared reference into an OpenSSL datastructure but did not account for interior mutability. OpenSSL may modify the data behind this reference, meaning accesses can race and the reference is unsound. Use of this function should be replaced with X509StoreRef::allcertificate...
Marvin Attack: potential key recovery through timing sidechannels
Impact Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key. Patches No patch is yet available, however work is underway to migrate...
`openvpn-plugin-rs` was removed from crates.io for malicious code
This crate was part of a typosquatting malware cluster published by the user TerryDavisSoldier to run an arbitrary malware payload on Windows hosts. This advisory is to retrospectively document this attempted attack. The version information and download records of the malicious crate are no longe...
`acceptxmr-rs` was removed from crates.io for malicious code
This crate was part of a typosquatting malware cluster published by the user Kraded to run an arbitrary malware payload on Windows hosts. This advisory is to retrospectively document this attempted attack. The version information and download records of the malicious crate are no longer available...
`lasso-rs` was removed from crates.io for malicious code
This crate was part of a typosquatting malware cluster published by the user Kraded to run an arbitrary malware payload on Windows hosts. This advisory is to retrospectively document this attempted attack. The version information and download records of the malicious crate are no longer available...
`loopdev` crate is unmaintained; use 'loopdev-3` instead.
The loopdev crate was last released in Oct, 2021. It has been unable to build in Fedora 38 and above since April, 2023. The loopdev-3 crate is a maintained fork: https://github.com/stratis-storage/loopdev-3...
Remotely exploitable DoS condition in Rosenpass <=0.2.0
Affected version do this crate did not validate the size of buffers when attempting to decode messages. This allows an attacker to trigger a panic by sending a UDP datagram with a 1 byte payload over network. This flaw was corrected by validating the size of the buffers before attempting to decod...
`MaybeUninit` misuse in `simd-json-derive`
An invalid use of MaybeUninit::uninit.assumeinit in simd-json-derive's derive macro can cause undefined behavior. The original code used MaybeUninit to avoid initialisation of the struct and then set the fields using ptr::write. The undefined behavior triggered by this misuse of MaybeUninit can...
gix-transport code execution vulnerability
The gix-transport crate prior to the patched version 0.36.1 would allow attackers to use malicious ssh clone URLs to pass arbitrary arguments to the ssh program, leading to arbitrary code execution. PoC: gix clone 'ssh://-oProxyCommand=open$IFS-aCalculator/foo' This will launch a calculator on OS...
Denial of service in Quinn servers
Receiving QUIC frames containing a frame with unknown frame type could lead to a panic. Unfortunately this is issue was not found by our fuzzing infrastructure. Thanks to the QUIC Tester research group for reporting this issue...
HPACK decoder panics on invalid input
Due to insufficient checking of input data, decoding certain data sequences can lead to Decoder::decode panicking rather than returning an error. Example code that triggers this vulnerability looks like this: rust use hpack::Decoder; pub fn main let input = &0x3f; let mut decoder = Decoder::new;...
Default functions in VolatileMemory trait lack bounds checks, potentially leading to out-of-bounds memory accesses
An issue was discovered in the default implementations of the VolatileMemory::getatomicref, alignedasref, alignedasmut, getref, getarrayref trait functions, which allows out-of-bounds memory access if the VolatileMemory::getslice function returns a VolatileSlice whose length is less than the...
webpki: CPU denial of service in certificate path building
When this crate is given a pathological certificate chain to validate, it will spend CPU time exponential with the number of candidate certificates at each step of path building. Both TLS clients and TLS servers that accept client certificate are affected. This was previously reported in and...
`postgresderive` was removed from crates.io for malicious code
This crate was part of a typosquatting malware cluster published by the malicious user amaperf and contained a malware payload in build.rs to exfiltrate host information to the attacker. This advisory is to retrospectively document this attempted attack. The version information and download recor...
`serd` was removed from crates.io for malicious code
This crate was part of a typosquatting malware cluster published by the malicious user amaperf and contained a malware payload in build.rs to exfiltrate host information to the attacker. This advisory is to retrospectively document this attempted attack. The version information and download recor...
Use-after-free in `vec_insert_bytes`
Incorrect reallocation logic in the function vecinsertbytes causes a use-after-free. This function does not have to be called directly to trigger the vulnerability because many methods on EncodingWriter call this function internally. The mail-\ suite is unmaintained and the upstream sources have...
Logs AWS credentials when TRACE-level logging is enabled
aws-sigv4 is a rust library for low level request signing in the aws cloud platform. The awssigv4::SigningParams struct had a derived Debug implementation. When debug-formatted, it would include a user's AWS access key, AWS secret key, and security token in plaintext. When TRACE-level logging is...
ftp is unmaintained, use suppaftp instead
The ftp crate is not maintained any more; use suppaftp instead...
Use after free with `externref`s and epoch interruption in Wasmtime
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-gwc9-348x-qwv2. For more information see the GitHub-hosted security advisory...
Uninitalized memory read & leak caused by fuser crate
During creation of new libfuse session with fusesessionnew operation list was passed as NULL incorrectly. libfuse expects this argument to always point to list of operations. This caused uninitialized memory read and leaks in libfuse.so...
Invalid pointer dereference in `fmt::Pointer` impl for `Atomic` and `Shared` when the underlying pointer is invalid
Affected versions of fmt::Display dereference the underlying pointer. This causes a invalid pointer dereference e.g., when a pointer created with Atomic::null or Shared::null. fmt::Debug impls and pre-0.9 fmt::Display impls, which do not dereference pointers, are not affected by this issue...
`tree-sitter-perl-next` is unmaintained
The author of tree-sitter-perl-next has stated that the crate is unmaintained and will not receive further fixes see the repo's readme. Alternatives - ts-parser-perl , an actively maintained tree-sitter Perl grammar that tree-sitter-perl-next initially forked...
`Array::insert` violates exception safety if compare function panics, leading to potential Double-Free
In affected versions of this crate, Array::insert is not exception safe. In the UPSERT path, key and value's snapshot is written to self.datablock, and after the insertion is completed, key and value are mem::forget in order to prevent double free. However, during the insertion, K::compare is...
Non-painting replaced elements amplify to thousands of blank PDF pages (denial of service)
fulgur converts untrusted HTML/CSS into PDF, commonly on a server that processes input supplied by many tenants. In versions prior to 0.26.0, a childless box that resolves to a pathologically tall height was amplified into thousands of blank PDF pages, even when it produces no visible output. The...
Unbounded page slicing from attacker-controlled CSS height causes denial of service
fulgur converts untrusted HTML/CSS into PDF, commonly on a server that processes input supplied by many tenants. In versions prior to 0.19.0, a body-direct child whose CSS-resolved height greatly exceeds the page height was sliced into one fragment per page with no upper bound. The height is take...
`Report::frames_mut` allows aliased mutable references
Affected versions of this crate return an iterator from Report::framesmut whose &mut Frame items have lifetimes independent of the iterator, so all yielded references can be held at the same time. A yielded frame's sources are also yielded by the iterator and reachable through the parent frame vi...
`cgmath` is unmaintained
The cgmath crate is no longer maintained. Users should consider switching to a maintained alternative...
Panic in `bcrypt::verify` on non-ASCII hash input
bcrypt::verifypassword, hash and HashParts::fromstrhash panic in str::sliceerrorfail when given a 60-byte &str containing a multi-byte UTF-8 character at certain byte positions. Impact Any Rust code that calls bcrypt::verify or HashParts::fromstr with an attacker-controlled hash string will panic...
`tokio-timer` is unmaintained
The tokio-timer crate is unmaintained. It was part of the Tokio 0.1 ecosystem and has been superseded by the main tokio crate...
`Matrix{2,3,4}::swap_columns` can trigger undefined behavior for identical indices
The Matrix2::swapcolumns, Matrix3::swapcolumns, and Matrix4::swapcolumns implementations call ptr::swap&mut selfa, &mut selfb. When a == b, these safe APIs create two mutable references to the same matrix column and pass them to ptr::swap. This violates Rust's aliasing rules and can trigger...
Timing Side-Channel in AES-CCM Tag Verification in AWS-LC
Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. The impacted implementations are through the EVP CIPHER API: EVPaes128ccm, EVPaes192ccm, and EVPaes256ccm. Customers of AWS servic...
PKCS7_verify Certificate Chain Validation Bypass in AWS-LC
Improper certificate validation in PKCS7verify in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. aws-lc-sys contains code from AWS-LC...