1141 matches found
Borsh serialization of HashMap is non-canonical
The borsh serialization of the HashMap did not follow the borsh specification. It potentially produced non-canonical encodings dependent on insertion order. It also did not perform canonicty checks on decoding. This can result in consensus splits and cause equivalent objects to be considered...
Race condition could lead to WebAssembly control-flow integrity and type safety violations
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-7qmx-3fpx-r45m. For more information see the GitHub-hosted security advisory...
get-size-derive is unmaintained
get-size-derive's maintainer seems to be unreachable, with no commits and releases pushed for 1 year and no activity on the GitHub repo. get-size-derive also depends on attribute-derive ^0.6 a version of the crate which uses the yanked crate proc-macro-error. Possible Alternatives - get-size-deri...
get-size is unmaintained
get-size's maintainer seems to be unreachable, with no commits and releases pushed for 1 year and no activity on the GitHub repo. get-size also depends on get-size-derive 0.1.3, which uses attribute-derive ^0.6 a version of the crate which uses the yanked crate proc-macro-error. Possible...
`MemBio::get_buf` has undefined behavior with empty buffers
Previously, MemBio::getbuf called slice::fromrawparts with a null-pointer, which violates the functions invariants, leading to undefined behavior. In debug builds this would produce an assertion failure. This is now fixed...
`rsa-export` is unmaintained
This crate has been deprecated in favour of using the native support for exporting RSA keys into the standard PEM format. See docs.rs documentation. In addition to that, the operations in this crate arithmetic and Base64 encoding are not done in constant-time, potentially exposing the user to...
Non-idiomatic use of iterators leads to use after free
Code that attempts to use an item e.g., a row returned by an iterator after the iterator has advanced to the next item will be accessing freed memory and experience undefined behaviour. Code that uses the item and then advances the iterator is unaffected. This problem has always existed. This is ...
`generational-arena` is unmaintained
The generational-arena crate's repository has been archived and is no longer maintained. Alternatives - slotmap...
Improper comparison of different-length signatures
The Webhook::verify function incorrectly compared signatures of different lengths - the two signatures would only be compared up to the length of the shorter signature. This allowed an attacker to pass in v1, as the signature, which would always pass verification...
`conrod` is unmaintained
The crate conrod has been deprecated since version 0.62.0 released in December 2018. The functionality was split across multiple different crates, with the core functionality being transferred to conrodcore. An overview can be found in the conrod repository. If you have this crate in your...
filesystem-rs may be implicitly unmaintained
The last release was over 5 years ago, and the last commit was over 4 years ago. The maintainers have not responded to a pull request to update dependencies that are themselves unmaintained, and which poses the question of maintenance...
Stack overflow during recursive JSON parsing
When parsing untrusted, deeply nested JSON, the stack may overflow, possibly enabling a Denial of Service attack. This was fixed by adding a check for recursion depth...
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
Summary Insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have sufficient control over outbound headers. Details Outbound trilliumhttp::HeaderValue and trilliumhttp::HeaderName can be constructed infallibly a...
Unaligned write of u64 on 32-bit and 16-bit platforms
Affected versions allocate memory using the alignment of usize and write data to it of type u64, without using core::ptr::writeunaligned. In platforms with sub-64bit alignment for usize including wasm32 and x86 these writes are insufficiently aligned some of the time. If using an ordinary optimiz...
Buffer overflow due to integer overflow in `transpose`
Given the function transpose::transpose: rust fn transposeinput: &T, output: &mut T, inputwidth: usize, inputheight: usize The safety check inputwidth inputheight == output.len can fail due to inputwidth inputheight overflowing in such a way that it equals output.len. As a result of failing the...
`openvpn-plugin-rs` was removed from crates.io for malicious code
This crate was part of a typosquatting malware cluster published by the user TerryDavisSoldier to run an arbitrary malware payload on Windows hosts. This advisory is to retrospectively document this attempted attack. The version information and download records of the malicious crate are no longe...
`littest` was removed from crates.io for malicious code
This crate was part of a typosquatting malware cluster published by the malicious user http-tiny and contained a malware payload in build.rs to exfiltrate host information to the attacker. This advisory is to retrospectively document this attempted attack. The version information and download...
Potential stack use-after-free in `Instrumented::into_inner`
The implementation of the Instrumented::intoinner method in affected versions of this crate contains undefined behavior due to incorrect use of std::mem::forget The function creates const pointers to self, calls mem::forgetselfstd::mem::forget, and then moves values out of those pointers using...
gix-transport code execution vulnerability
The gix-transport crate prior to the patched version 0.36.1 would allow attackers to use malicious ssh clone URLs to pass arbitrary arguments to the ssh program, leading to arbitrary code execution. PoC: gix clone 'ssh://-oProxyCommand=open$IFS-aCalculator/foo' This will launch a calculator on OS...
phonenumber: panic on parsing crafted RF3966 phonenumber inputs
Impact The phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of rust-phonenumber, this may get triggered by feeding a maliciously crafted phonenumber over the network, specifically the string .;phone-context=. Patches...
Exposes reference to non-Sync data to an arbitrary thread
Affected versions do not enforce a Sync bound on the type of caller-provided value held in the plugin registry. References to these values are made accessible to arbitrary threads other than the one that constructed them. A caller could use this flaw to submit thread-unsafe data into inventory,...
Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86\_64
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-gw5p-q8mj-p7gh. For more information see the GitHub-hosted security advisory...
rustls-webpki: CPU denial of service in certificate path building
When this crate is given a pathological certificate chain to validate, it will spend CPU time exponential with the number of candidate certificates at each step of path building. Both TLS clients and TLS servers that accept client certificate are affected. We now give each path building operation...
`oncecell` was removed from crates.io for malicious code
This crate was part of a typosquatting malware cluster published by the malicious user amaperf and contained a malware payload in build.rs to exfiltrate host information to the attacker. This advisory is to retrospectively document this attempted attack. The version information and download recor...
Unsoundness in `intern` methods on `intaglio` symbol interners
Affected versions of this crate have a stacked borrows violation when creating references to interned contents. All interner types are affected. The flaw was corrected in version 1.9.0 by reordering move and borrowing operations and storing interned contents by raw pointer instead of as a Box...
impl `FromMdbValue` for bool is unsound
The implementation of FromMdbValue have several unsoundness issues. First of all, it allows to reinterpret arbitrary bytes as a bool and could make undefined behavior happen with safe function. Secondly, it allows transmuting pointer without taking memory layout into consideration. The details of...
Miscompilation of `i8x16.select` with the same inputs on x86\_64
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-xm67-587q-r2vw. For more information see the GitHub-hosted security advisory...
Out of bounds read/write with zero-memory-pages configuration
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-44mr-8vmm-wjhg. For more information see the GitHub-hosted security advisory...
Use After Free with `externref`s in Wasmtime
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-5fhj-g3p3-pq9g. For more information see the GitHub-hosted security advisory...
Incorrect signature verification on gzip-compressed install images
The coreos-installer is a program to fetch a disk image and stream it to a target disk. During the installation process the installation image gpg signatures are verified. The signature verification can be bypassed for gzip-compressed images due to a flaw in gzip coreos-installer wrapper. When th...
`conrod_core` is unmaintained
The conrodcore crate is no longer maintained. The author suggests egui as a potential alternative...
`cosmwasm` is unmaintained
The crate cosmwasm is not used anymore since spring 2020. The functionality was split in multiple different crates, such as the standard library cosmwasm-std and the virtual machine cosmwasm-vm. An overview can be found in the cosmwasm repository. If you have this crate in your dependency tree,...
Some Ref methods are unsound with some type parameters
The Ref methods intoref, intomut, intoslice, and intoslicemut are unsound and may allow safe code to exhibit undefined behavior when used with Ref where B is cell::Ref or cell::RefMut. Note that these methods remain sound when used with B types other than cell::Ref or cell::RefMut. See...
`martin-mbtiles` has been renamed to `mbtiles`
Please use the mbtiles crate going forward...
`hpack` is unmaintained
The hpack crate is no longer maintained. Consider using fluke-hpack or httlib-huffman...
BER/CER/DER decoder panics on invalid input
Due to insufficient checking of input data, decoding certain data sequences can lead to bcder panicking rather than returning an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding. bcder 0.7.3 fixes these issues by more...
`dlopen_derive` is unmaintained
dlopenderive hasn't been updated since June 9, 2019. dlopenderive depends on quote = "0.6.12" and syn = "0.15.34". Versions 1.0.0 of these dependencies were published on August 13, 2019. The 0. versions haven't received updates since. Note that dlopen is an unmaintained crate from the same...
multipart is Unmaintained
The multipart crate is unmaintained. The author has archived the github repository. Alternatives: - multer - multiparty...
safemem is unmaintained
The latest crates.io release was in 2019. The repository has been archived by the author. Migration - safemem::copyoverslice, srcidx, destidx, len; can be replaced with slice.copywithinsrcidx..srcidx+len, destidx; as of rust 1.37.0. - safemem::writebytesslice, byte; can be replaced with...
Miscompilation of constant values in division on AArch64
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-7f6x-jwh5-m9r4. For more information see the GitHub-hosted security advisory...
Vulnerable to privilege escalation using ioctls TIOCSTI and TIOCLINUX
please is vulnerable to privilege escalation using ioctls TIOCSTI and TIOCLINUX on systems where they are not disabled. Here is how to see it in action: $ cd "$mktemp -d" $ git clone --depth 1 https://gitlab.com/edneville/please.git $ cd please/ $ git rev-parse HEAD...